Bugtraq: Re: Solaris lpNet & temp files (exploit)

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Re: Solaris lpNet & temp files (exploit)

From: casper () HOLLAND SUN COM (Casper Dik)
Date: Wed, 7 May 1997 11:59:57 +0200

Q&D workaround:
 add "umask 022" to /etc/init.d/lp; restart /etc/init.d/lp
 su - root; touch /usr/spool/lp/.rhosts
 su - root; chown root /usr/spool/lp; chmod 755 /usr/spool/lp



The argumetns to the specific lp* filters are defined in
/etc/lp/fd/*.fd.

In this case we have:

/etc/lp/fd/postio.fd:Options: PRINTER * = -L/var/tmp/*.log
/etc/lp/fd/postior.fd:Options: PRINTER * = -L/var/tmp/*.log

The "*" is replaced by the printername; the "right way to modify
this file is with "lpfilter":

The following should fix the bug (but I haven't tested it yet)

echo 'Options: PRINTER * = -L/var/lp/*.log' | lpfilter -f postio -
echo 'Options: PRINTER * = -L/var/lp/*.log' | lpfilter -f postior -


Casper

By Date By Thread

Current thread:

Re: Buffer Overflows: A Summary, (continued)
- Re: Buffer Overflows: A Summary Tommy Marcus McGuire (May 02)
  - Re: Buffer Overflows: A Summary Gene Spafford (May 02)
  - Windows NT 4.0 SAM hotfix Aleph One (May 02)
  - Re: Buffer Overflows: A Summary Lamont Granquist (May 03)
  - Solaris lpNet & temp files (exploit) Chris Sheldon (May 03)
    - Re: Solaris lpNet & temp files (exploit) Casper Dik (May 07)
  - A bug in Elm fflush (May 04)
    - Re: A bug in Elm Larry Schwimmer (May 04)
    - Hole in the KDE desktop Alan Cox (May 05)
    - A vulnerability in Lynx (all versions) fflush (May 05)
    - Re: A vulnerability in Lynx (all versions) Theo de Raadt (May 05)