Information Security News mailing list archives

Compendium of *nix lpd vulnerabilities


From: InfoSec News <isn () c4i org>
Date: Wed, 7 Nov 2001 03:33:05 -0600 (CST)

http://www.theregister.co.uk/content/55/22694.html

By Thomas C Greene in Washington
Posted: 07/11/2001 at 07:24 GMT

So many vulnerabilities affecting the lpd (line printer daemon) have
come to light in recent months that CERT/CC has issued a compendium
advisory urging all users and admins to review their system
configurations and patch status:
http://www.cert.org/advisories/CA-2001-30.html

"All of these vulnerabilities can be exploited remotely. In most
cases, they allow an intruder to execute arbitrary code with the
privileges of the lpd server," CERT explains.

A table provided in the above advisory maps each affected system to
its corresponding individual advisory.

Affected systems include:

-- BSDi BSD/OS Version 4.1 and earlier

-- Debian GNU/Linux 2.1 and 2.1r4

-- FreeBSD All released versions FreeBSD 4.x, 3.x, FreeBSD 4.3-STABLE,
   3.5.1-STABLE prior to the correction date

-- Hewlett-Packard HP9000 Series 700/800 running HP-UX releases 10.01,
   10.10, 10.20, 11.00, and 11.11

-- IBM AIX Versions 4.3 and AIX 5.1

-- Mandrake Linux Versions 6.0, 6.1, 7.0, 7.1

-- NetBSD 1.5.2 and earlier

-- OpenBSD Version 2.9 and earlier

-- Red Hat Linux 6.0 all architectures

-- SCO OpenServer Version 5.0.6a and earlier

-- SGI IRIX 6.5-6.5.13

-- Sun Solaris 8 and earlier

-- SuSE Linux Versions 6.1, 6.2, 6.3, 6.4, 7.0, 7.1, 7.2

Quite a list -- no doubt soon to be framed on Bill Gates' office wall.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY
of the mail.

