[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[linux-security] LPRng bugs

To: linux-security
Subject: [linux-security] LPRng bugs
Date: Wed, 4 Oct 2000 17:23:42 -0700 (PDT)

Relevant releases/architectures: 

Red Hat Linux 7.0 - i386
LPRng from sphinx in /vol/vol1/distrib/redhat/contrib

Problem description
===================

LPRng has a string format bug in the use_syslog function.  This function
returns user input in a string that is passed to the syslog() function as
the format string.  It is possible to corrupt the print daemon's execution
with unexpected format specifiers, thus gaining root access to the
computer.  The vulnerability is theoretically exploitable both locally and
remotely.

Solution
========

Upgrade to patched version:
RH 7.0: rpm -Fvh LPRng-3.6.24-2.i386.rpm

LPRng from sphinx (LPRng for SFU users using SFU's print server):
mount -t nfs sphinx.sfu.ca:/vol/vol1/distrib/redhat/contrib /mnt/redhat
rpm -Fvh /mnt/redhat/LPRng-3.6.24-sfu.i386.rpm

Prev by Date: [linux-security] lpr bugs
Next by Date: [linux-security] esound bugs
Prev by thread: [linux-security] esound bugs
Next by thread: [linux-security] lpr bugs
Index(es):
- Date
- Thread