Vulnerability Development: Re: lpd exploit?

Re: lpd exploit?

From: Ryan Yagatich <ryagatich_at_CSN1.COM>
Date: Fri, 1 Dec 2000 12:51:56 -0500

"root"

1) Cute e-mail address... since Microsoft is primarily NT...... ;)

2) I agree with Dr. Altamo, yes there is a problem with lpd, in fact, there have
been many problems with lpd in Red Hat.... all of which have been fixed. Here's
some update info:

LPR security - lpd Redhat 7.0:
http://www.redhat.com/support/errata/RHSA-2000-065-06.html
or on bugzilla: http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=17756
<Quote from redhat.com>
"2. Problem description:

LPRng has a string format bug in the use_syslog function. This function
returns user input in a string that is passed to the syslog() function as
the format string. It is possible to corrupt the print daemon's execution
with unexpected format specifiers, thus gaining root access to the
computer. The vulnerability is theoretically exploitable both locally and
remotely."
</quote>

If you don't feel like reading the short advisory, the patches are as
follows:
i386: ftp://updates.redhat.com/7.0/i386/LPRng-3.6.24-2.i386.rpm
sources: ftp://updates.redhat.com/7.0/SRPMS/LPRng-3.6.24-2.src.rpm

ryan
Received on Dec 04 2000
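
The bug class quoted from the Red Hat advisory above (user input passed to syslog() as the format string), shown beside its hardened form. This is an added C example, not part of the original post and not LPRng's code; all function names are hypothetical and the sample input is constructed.

```c
#include <stdio.h>
#include <string.h>
#include <syslog.h>

/* Vulnerable pattern, shown as a comment only:
 *     syslog(LOG_INFO, user_text);
 * user_text is the format string, so any "%x" or "%n" in it is interpreted. */

/* Hardened form: the format is a constant, user text is only an argument. */
void log_safe(const char *user_text)
{
    syslog(LOG_INFO, "%s", user_text);
}

/* Same hardened pattern with snprintf, so the output can be inspected. */
int format_safe(char *out, size_t n, const char *user_text)
{
    return snprintf(out, n, "%s", user_text);
}

/* Returns 1 when the hardened formatting reproduces the input byte for byte. */
int logged_verbatim(const char *user_text)
{
    char buf[128];
    int n = format_safe(buf, sizeof buf, user_text);
    return n == (int)strlen(user_text) && strcmp(buf, user_text) == 0;
}

/* Audit helper: count '%' directives in untrusted text ("%%" is a literal). */
int count_directives(const char *s)
{
    int count = 0;
    for (; *s; s++) {
        if (*s != '%') continue;
        if (s[1] == '%') { s++; continue; }
        count++;
    }
    return count;
}

int main(void)
{
    const char *sample = "job %x%x%n from client"; /* constructed input */
    printf("directives: %d, logged verbatim: %d\n",
           count_directives(sample), logged_verbatim(sample));
    return 0;
}
```

Compiling with `-Wformat -Wformat-security` makes GCC and Clang warn on the commented-out pattern when it appears in real code.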
