Bugtraq mailing list archives
Re: Linux /usr/bin/lpc overflow
From: slk () NTRNET NET (Simon Karpen)
Date: Thu, 4 Feb 1999 16:29:42 -0500
On Wed, 3 Feb 1999, Denis Bucher wrote:
xnec () INFERNO TUSCULUM EDU a écrit :
There is a local root comprimise hole in PLP Line Printer Control program, version 4.0.3, which is SuSE 5.2's /usr/bin/lpc. Most other unices use a different version of lpc (including SuSE 5.1).Under an installation of SuSE 5.1, I found lpc 4.0.3 ! Therefore I think 5.1 is not safe !
SuSE 5.3 and 6.0 appear not to suffer from this problem. Under 5.3: scan:/home/skarpen # rpm -qf /usr/sbin/lpc lprold-3.0.1-14 scan:/home/skarpen # /usr/sbin/lpc lpc> Under 6.0: root@grendel:~ > rpm -qf /usr/sbin/lpc lprold-3.0.1-37 root@grendel:~ > /usr/sbin/lpc lpc> Also, note that SuSE can install one of: PLP, 'classic' LPD, or LPRng. AFAIK the default os the 'classic' Berkeley LPD. (recent security-fixed version though) --Simon -- Simon Karpen slk () ntrnet net #include <std_disclaimer.h> My opinions are my own. Failure is not an option. It comes bundled with your Microsoft product. -- Ferenc Mantfeld
Current thread:
- Linux /usr/bin/lpc overflow xnec () INFERNO TUSCULUM EDU (Feb 02)
- <Possible follow-ups>
- Re: Linux /usr/bin/lpc overflow Denis Bucher (Feb 03)
- Cyrix bug: freeze in hell, badboy Ragnar Hojland Espinosa (Feb 04)
- Re: Cyrix bug: freeze in hell, badboy Aaron Lehmann (Feb 05)
- Re: Linux /usr/bin/lpc overflow Simon Karpen (Feb 04)
- Cyrix bug: freeze in hell, badboy Ragnar Hojland Espinosa (Feb 04)
- Re: Linux /usr/bin/lpc overflow -*- Chotaire -*- (Feb 04)