No news here.
The author's site indicates that he found the bug under IRIX 6.2.
That release of IRIX is around 5 years old. SGI released a Security
Advisory on the netprint issue in December of 1996 which included
information on a patch which fixes it. See SGI's security site at:
http://www.sgi.com/support/security/index.html
I tested the exploit against a current IRIX release (6.5.11) and found
it not to be vulnerable.
Rule of thumb: If your sysadmin hasn't done an OS upgrade or applied
patches in over four years, there are likely to be some significant
security issues.
[EMAIL PROTECTED] writes:
> i haven't audited anything in some time. well, i
> just noticed this because i am doing a project
> with a name similar to "netprint" and i was
> wondering if it was at all related to what i was
> doing. it wasn't. but, i noticed it was setuid
> root and had a little bug.
>
> this bug takes advantage of the -n option witch
> has a bug that allows for arbitrary commands to be
> executed.
>
> exploit source code:
> http://realhalo.org/xnetprint.c
>
> Vade79 -> [EMAIL PROTECTED] -> realhalo.org.
--
/* Dale Southard Jr. [EMAIL PROTECTED] 925-422-1463 */
/* Computer Scientist, Accelerated Strategic Computing Initiative */
/* L-550, Lawrence Livermore National Lab, Livermore CA 94551 */
/* AFF/I, SL/I, T/I, D-11216, Sr. Rig --- I'd rather be skydiving */
