Vulnerability Development mailing list archives

Re: lpd exploit?


From: Ryan Yagatich <ryagatich () CSN1 COM>
Date: Fri, 1 Dec 2000 12:51:56 -0500

"root"

1) Cute e-mail address... since Microsoft is primarily NT...... ;)

2) I agree with Dr. Altamo, yes there is a problem with lpd, in fact, there have
been many problems with lpd in Red Hat.... all of which have been fixed. Here's
some update info:

LPR security - lpd Red Hat 7.0:
http://www.redhat.com/support/errata/RHSA-2000-065-06.html
or on bugzilla: http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=17756
<Quote from redhat.com>
"2. Problem description:


LPRng has a string format bug in the use_syslog function. This function
returns user input in a string that is passed to the syslog() function as
the format string. It is possible to corrupt the print daemon's execution
with unexpected format specifiers, thus gaining root access to the
computer. The vulnerability is theoretically exploitable both locally and
remotely."
</quote>

If you don't feel like reading the short advisory, the patches are as
follows:
i386: ftp://updates.redhat.com/7.0/i386/LPRng-3.6.24-2.i386.rpm
sources: ftp://updates.redhat.com/7.0/SRPMS/LPRng-3.6.24-2.src.rpm



ryan
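
The bug class named in the quoted advisory (user input passed to syslog() as the format string), shown as an added example that is not part of the original post and is not LPRng's code. snprintf() stands in for syslog() so the result can be inspected; the function names and the sample input are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a syslog wrapper: snprintf() takes the same
 * printf-style format as syslog(), but the result can be inspected. */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wformat-security"
#pragma GCC diagnostic ignored "-Wformat-nonliteral"
/* Flawed pattern: untrusted text is passed as the format string, so any
 * conversion specifier in it is interpreted instead of logged. */
static int log_flawed(char *out, size_t n, const char *untrusted)
{
    return snprintf(out, n, untrusted);
}
#pragma GCC diagnostic pop

/* Corrected pattern: constant format, untrusted text is only an argument. */
static int log_fixed(char *out, size_t n, const char *untrusted)
{
    return snprintf(out, n, "%s", untrusted);
}

/* Audit helper: count '%' directives other than the literal "%%".
 * A nonzero count in text that should be plain data is worth flagging. */
static int count_directives(const char *s)
{
    int count = 0;
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%')
            s++;        /* "%%" is a literal percent sign */
        else
            count++;    /* also counts a trailing lone '%' */
    }
    return count;
}

int main(void)
{
    char a[64], b[64];
    const char *job = "queue 100%% full";   /* constructed sample input */
    log_flawed(a, sizeof a, job);
    log_fixed(b, sizeof b, job);
    printf("flawed: %s\nfixed:  %s\n", a, b);
    printf("directives in \"%%x.%%x\": %d\n", count_directives("%x.%x"));
    return 0;
}
```

The flawed call rewrites the input ("%%" is consumed as a directive), while the fixed call logs it byte for byte; building with -Wformat -Wformat-security flags the flawed call at compile time.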

