Bugtraq mailing list archives

Re: Possible weakness in LPD protocol

From: blymn () BAEA COM AU (Brett Lymn)
Date: Wed, 8 Oct 1997 19:24:09 +0930


According to Warner Losh:


Both OpenBSD and FreeBSD disallow any files with / in them in the code
that was quoted.  So this isn't a problem in either of those systems.
I don't have a current NetBSD source tree online at the moment, or I'd
check there.


Similarly, NetBSD-current does not allow any files with / in them to
be accepted as a data file.

--
Brett Lymn, Computer Systems Administrator, British Aerospace Australia
===============================================================================
  What do you get when you cross a cantaloup with a dog?        Melancholy :-P

Current thread:

Re: Possible weakness in LPD protocol Warner Losh (Oct 03)
- Re: Possible weakness in LPD protocol Brett Lymn (Oct 08)
- L0pht Advisory: IMAP4rev1 imapd server We got Food - Fuel - Ice-cold Beer - and X.509 certificates (Oct 08)
  - Re: L0pht Advisory: IMAP4rev1 imapd server Marc Slemko (Oct 08)
    - SNMP Insecurity Aleph One (Oct 08)
    - Malicious Linux modules Runar Jensen (Oct 08)
    - Re: L0pht Advisory: IMAP4rev1 imapd server Casper Dik (Oct 09)
    - Security flaw in PGPverify of INN Lutz Donnerhacke (Oct 09)
    - Re: L0pht Advisory: IMAP4rev1 imapd server Kragen Sitaker (Oct 09)
    - Security flaw in Count.cgi (wwwcount) Razvan Dragomirescu (Oct 10)
    - Huge security holes in Microsoft FP98 server extensions for Apache Marc Slemko (Oct 11)
    - Re: Huge security holes in Microsoft FP98 server extensions for Aleph One (Oct 11)

(Thread continues...)