
[linux-security] lpr bugs



Problem description
===================

The old BSD-based lpr (shipped with Red Hat Linux 5.x and 6.x and probably
almost any other Linux distribution other than RH 7.0) has a
recently discovered format string bug in its calls to the syslog facility.
While there are no known exploits for this issue at this time, it might be
possible for a user to gain local root access.  For this reason, upgrading
to the new lpr is strongly encouraged.

Solution
========

RedHat 6.x:
rpm -Fvh lpr-0.50-7.i386.rpm
(this rpm is, e.g., available from sphinx.sfu.ca in the directory
/vol/vol1/distrib/redhat/RedHat/RPMS)

I have not been able to find patches for other distributions although
they are probably vulnerable as well (e.g., Mandrake is based on RedHat).
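
Added example (not part of the original advisory and not lpr source code): the syslog format string bug class described above, with the unsafe call shown only as a comment beside the hardened form. The names log_event and count_directives and the sample job string are hypothetical, constructed for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>
#include <syslog.h>

/* Hypothetical helper code, not taken from lpr.
 * Vulnerable pattern (comment only, not compiled):
 *     syslog(LOG_ERR, untrusted);        untrusted text IS the format
 * Hardened pattern:
 *     syslog(LOG_ERR, "%s", untrusted);  untrusted text is only an argument
 */

/* Count conversion directives in s; "%%" is a literal percent sign.
 * Useful when auditing which inputs would have reached a format parser. */
int count_directives(const char *s)
{
    int n = 0;
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%')
            s++;                /* escaped percent, not a directive */
        else
            n++;
    }
    return n;
}

/* Build the line from a developer-owned format, then pass the finished text
 * to syslog() as data. Returns the line length, or -1 on error/truncation. */
int log_event(int prio, char *out, size_t outlen, const char *fmt, ...)
{
    va_list ap;
    int len;
    va_start(ap, fmt);
    len = vsnprintf(out, outlen, fmt, ap);
    va_end(ap);
    if (len < 0 || (size_t)len >= outlen)
        return -1;              /* refuse to log a truncated line */
    syslog(prio, "%s", out);    /* constant format string */
    return len;
}

int main(void)
{
    char line[128];
    const char *job = "report %x %x %n";    /* constructed untrusted input */
    log_event(LOG_ERR, line, sizeof line, "cannot print job: %s", job);
    printf("%s (directives in input: %d)\n", line, count_directives(job));
    return 0;
}
```

Compiling with gcc -Wformat -Wformat-security flags calls of the vulnerable form, where a non-literal string is passed as the format with no further arguments.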