[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[linux-security] Alert: remote roote exploit in lpd
- To: linux-security
- Subject: [linux-security] Alert: remote roote exploit in lpd
- From: Martin Siegert <siegert@sfu.ca>
- Date: Fri, 9 Nov 2001 10:47:37 -0800
- User-Agent: Mutt/1.2.5i
Topic
=====
remote root exploit in lpd
Problem Description
===================
There is a buffer overflow in the displayq code of the BSD lineprinter
lpd daemon that is part of the lpr package that can be exploited remotely.
Immediate action is strongly advised.
[There were several buffer overflows discovered in lpd before that were
fixed lpd in Jan. 2000].
Affected Systems
================
All Linux systems that use lpr, e.g., RedHat 6.x, but not RedHat 7.x.
Not Affected
============
Linux systems that use LPRng.
Workaround (recommended!)
=========================
Use the LPRng package (www.LPRng.org). LPRng does not require you to run
a daemon at all. If you don't run a daemon, the potential for a remote
exploit is gone. For RedHat 6.x we provide a LPRng rpm in
/vol/vol1/distrib/redhat/6.2/contrib, which comes with a configuration file
suitable for SFU users.
RedHat 6.x
----------
rpm -e lpr
rpm -Uvh LPRng-3.7.4-23sfu.i386.rpm
Solution (if you cannot use the workaround)
===========================================
RedHat 6.x
----------
rpm -Fvh lpr-0.50.5-1.i386.rpm
Other Distributions
-------------------
Although several other distributions (e.g., Debian) use lpr and should be
affected as well, I have not seen advisories other than RedHat's or the
gerneral Cert advisory. I will post additional infomation to this list
when it becomes available.