Bugtraq mailing list archives
Re: LPRng remote root exploit
From: Pekka Savola <pekkas () NETCORE FI>
Date: Sat, 16 Dec 2000 00:23:15 +0200
On Fri, 15 Dec 2000, Matthew Connor wrote:
LPRng-3.6.22/23/24 remote root exploit, enjoy.Upon submission to RedHat, they replied: +------- Additional comments from droesen () entire-systems com 2000-12-15 11:13 ------- +This is resolved long ago. There is an errata update for LPRng available. + +*** This bug has been marked as a duplicate of 17756 ***
And the problem with that is...? See: http://www.redhat.com/support/errata/RHSA-2000-065-06.html The working version is LPRng-3.6.24-2, released ~2.5 months ago. Newer versions of LPRng weren't available at the time. As a matter of fact, it was auditing [for RHL7] by Chris Evans that uncovered the bug in the first place. The upgrade is integrated with -respin ISO's, alongside the up2date and several misc issues AFAIR. -- Pekka Savola "Tell me of difficulties surmounted, Netcore Oy not those you stumble over and fall" Systems. Networks. Security. -- Robert Jordan: A Crown of Swords
Current thread:
- LPRng remote root exploit venomous (Dec 15)
- Re: LPRng remote root exploit Matthew Connor (Dec 16)
- Re: LPRng remote root exploit Pekka Savola (Dec 18)
- Re: LPRng remote root exploit Matt Wilson (Dec 18)
- Re: LPRng remote root exploit Jason Edgecombe (Dec 16)
- Re: LPRng remote root exploit Matthew Connor (Dec 16)