Bugtraq mailing list archives
Re: Possible weakness in LPD protocol
From: chris () NETMONGER NET (Christopher Masto)
Date: Fri, 3 Oct 1997 16:14:20 -0400
On Fri, Oct 03, 1997 at 02:43:16AM +0200, Thomas Roessler wrote:
On October 02 1997, Bennett Samowich wrote:1.) Obtaining hard (or possibly soft) copies of any file on the system. 2.) Deleting any file on the system. 3.) Creating a file on the system. 4.) Mail bombing.5.) Overflow at least one buffer from the network; this is just above the "print any file" part of recvjob.c:
So far, I haven't seen any mention of LPRng. It was supposedly designed with more security in mind, though I suspect the meaning of "security" was more "students can't print stuff for free" rather than a seach for buffer overruns and such. Anyone know how it compares? -- = Christopher Masto = chris () netmonger net = http://www.netmonger.net/ = = NetMonger Communications = finger for PGP key = $19.95/mo unlimited access = = Director of Operations = (516) 221-6664 = mailto:info () netmonger net = v---(cut here)---v -- yourname () some dumb host com "Keep in mind that anything Kibo says makes a great sig." -- Kibo ^---(cut here)---^
Current thread:
- Security Bulletin for telnet services in HP-UX rel. 10.30 Aleph One (Oct 01)
- underestimating crackers Tim Newsham (Oct 01)
- Re: underestimating crackers John Bashinski (Oct 02)
- [RISKS DIGEST 19.40] Possible breakthrough in NP-completeness Brian Tao (Oct 01)
- Possible weakness in LPD protocol Bennett Samowich (Oct 02)
- Re: Possible weakness in LPD protocol Thomas Roessler (Oct 02)
- Re: Possible weakness in LPD protocol Christopher Masto (Oct 03)
- xc Aleph One (Oct 03)
- Re: Possible weakness in LPD protocol Thomas Roessler (Oct 02)
- NT Domain Authentication Protocol - draft Aleph One (Oct 02)
- underestimating crackers Tim Newsham (Oct 01)