Home page logo
/

bugtraq logo Bugtraq mailing list archives

NetBSD Security Advisory 2001-018 Remote Buffer Overflow Vulnerability in LPD
From: NetBSD Security Officer <security-officer () netbsd org>
Date: Thu, 22 Nov 2001 11:48:28 -0500


-----BEGIN PGP SIGNED MESSAGE-----


                 NetBSD Security Advisory 2001-018
                 =================================

Topic:          Remote Buffer Overflow Vulnerability in BSD Line Printer Daemon

Version:        NetBSD-current: prior to August 28, 2001
                NetBSD-1.5.2:   affected
                NetBSD-1.5.1:   affected
                NetBSD-1.5:     affected
                NetBSD-1.4.*:   affected

Severity:       Remote root compromise from any host which can connect to lpd(8)

Fixed:          NetBSD-current:         August 28, 2001
                NetBSD-1.5 branch:      September 30, 2001
                NetBSD-1.4 branch:      not yet

Abstract
========

There is an remotely exploitable buffer overrun in the printer daemon,
/usr/sbin/lpd.


Technical Details
=================

http://msgs.securepoint.com/cgi-bin/get/bugtraq0108/259.html


Solutions and Workarounds
=========================

NetBSD 1.3 and later install with lpd disabled by default.  A system is
vulnerable to this security hole only if it is running /usr/sbin/lpd,
and access to lpd is allowed by entries in /etc/hosts.lpd.  Updating
the binary for safety is recommended.

Quick workaround:
If you are running /usr/sbin/lpd, and you do not need it, stop it.
If you have /etc/hosts.lpd which is open to everyone, you will want to
tighten the setup so that no malicious parties can access your remote printer.

Solutions:

* NetBSD -current, 1.5, 1.5.1, 1.5.2:

        Systems running NetBSD-current dated from before 2001-08-28
        should be upgraded to NetBSD-current dated 2001-08-28 or later.

        Systems running NetBSD 1.5, 1.5.1 or 1.5.2 dated from before
        2001-09-30 should be upgraded to NetBSD-1.5 branch sources dated
        2001-09-30 or later.

        The following directory needs to be updated from the
        netbsd-current CVS branch (aka HEAD) for NetBSD-current,
        or netbsd-1-5 CVS branch for NetBSD 1.5, 1.5.1 or 1.5.2:
                src/usr.sbin/lpr

        To update from CVS, re-build, and re-install lpd(8):
                # cd src/usr.sbin/lpr
                # cvs update -d -P
                # make cleandir dependall install


        Alternatively, apply the following patch (with potential offset
        differences) and rebuild & re-install lpd(8):
                ftp://ftp.netbsd.org/pub/NetBSD/security/patches/SA2001-018-lpd.patch

        To patch, re-build and re-install lpd(8):
                # cd src/usr.sbin/lpr/common_sources
                # patch < /path/to/SA2001-012-lpd.patch
                # make cleandir dependall install


* NetBSD 1.4, 1.4.x:

        Systems running NetBSD-1.4.x releases should apply the following
        patch (with potential offset differences):
                ftp://ftp.netbsd.org/pub/NetBSD/security/patches/SA2001-018-lpd.patch

        To patch, re-build and re-install lpd(8):
                # cd src/usr.sbin/lpr/common_sources
                # patch < /path/to/SA2001-012-lpd.patch
                # make cleandir dependall install


        The anonymous CVS branch netbsd-1-4 should be updated with a
        fix in the near future.


Thanks To
=========

Jun-ichiro Hagino for the original patches to -current, from a fix in
OpenBSD

Revision History
================

        2001-11-22      Initial release


More Information
================

An up-to-date PGP signed copy of this release will be maintained at
  ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2001-018.txt.asc

Information about NetBSD and NetBSD security can be found at
http://www.NetBSD.ORG/ and http://www.NetBSD.ORG/Security/.


Copyright 2001, The NetBSD Foundation, Inc.  All Rights Reserved.

$NetBSD: NetBSD-SA2001-018.txt,v 1.6 2001/11/22 15:21:45 david Exp $

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (NetBSD)
Comment: For info see http://www.gnupg.org

iQCVAwUBO/0YaT5Ru2/4N2IFAQFP2wP/cSSUxRgwi/JOWj7Yx6u35ygYpuZV3oXs
utQs/astpcjqVPQGqw0BRAuG5dJCqmLqf0F//cpwmFn/V5f5ByhwJE+x/KrtJ19N
S36uB6AAQYQ7Bh9GGVApncKwk2XeA3XcI2PAWX1VkRStzU/k6QYunfqqRdnMr5xr
srHaB5bZ9FQ=
=Wn9T
-----END PGP SIGNATURE-----


  By Date           By Thread  

Current thread:
  • NetBSD Security Advisory 2001-018 Remote Buffer Overflow Vulnerability in LPD NetBSD Security Officer (Nov 23)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]