[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[linux-security] LPRng bugs
- To: linux-security
- Subject: [linux-security] LPRng bugs
- Date: Wed, 4 Oct 2000 17:23:42 -0700 (PDT)
Relevant releases/architectures:
Red Hat Linux 7.0 - i386
LPRng from sphinx in /vol/vol1/distrib/redhat/contrib
Problem description
===================
LPRng has a string format bug in the use_syslog function. This function
returns user input in a string that is passed to the syslog() function as
the format string. It is possible to corrupt the print daemon's execution
with unexpected format specifiers, thus gaining root access to the
computer. The vulnerability is theoretically exploitable both locally and
remotely.
Solution
========
Upgrade to patched version:
RH 7.0: rpm -Fvh LPRng-3.6.24-2.i386.rpm
LPRng from sphinx (LPRng for SFU users using SFU's print server):
mount -t nfs sphinx.sfu.ca:/vol/vol1/distrib/redhat/contrib /mnt/redhat
rpm -Fvh /mnt/redhat/LPRng-3.6.24-sfu.i386.rpm