[RH 7 users please upgrade the LPR package -- Raju]
This is an RFC 1153 digest.
(1 message)
----------------------------------------------------------------------
Return-Path: <[EMAIL PROTECTED]>
Approved-By: [EMAIL PROTECTED]
Delivered-To: [EMAIL PROTECTED]
References: <G6DLIR$[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
X-Department: OS Development
Message-ID: <[EMAIL PROTECTED]>
Reply-To: Crutcher Dunnavant <[EMAIL PROTECTED]>
Organization: Red Hat, Inc.
X-To: "[EMAIL PROTECTED]" <[EMAIL PROTECTED]>
In-Reply-To: <G6DLIR$[EMAIL PROTECTED]>;
from [EMAIL PROTECTED] on Sat, Dec 30, 2000 at 11:08:51AM +0100
From: Crutcher Dunnavant <[EMAIL PROTECTED]>
Sender: Bugtraq List <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Re: Remote Root Exploit for Redhat 7.0
Date: Tue, 2 Jan 2001 15:55:20 -0500
The following is the description of an errata issued 2000-09-26,
it concerns the LPRng syslog format hole which is discovered anew
once a week on bug-traq.
Descrition:
LPRng has a string format bug in the use_syslog function. This function
returns user input in a string that is passed to the syslog() function as
the format string. It is possible to corrupt the print daemon's execution
with unexpected format specifiers, thus gaining root access to the
computer. The vulnerability is theoretically exploitable both locally and
remotely.
The errata is published at:
http://www.redhat.com/support/errata/RHSA-2000-065-06.html
Please note that at the time of this errata's publication, no exploits were
known to exist, and that LPRng's upstream maintainers fixed this problem
with LPRng-3.6.25; thus, this problem was addressed in a timely manor by all
parties involved, and has been solved since last September.
++ 30/12/00 11:08 +0100 - [EMAIL PROTECTED]:
> This exploit compromise Redhat 7.0 box and it allows to gain the root..
> is very dangerous.. please RedHat.com release a patch!!
> This expl take advantage of Lpd.
>
> For download this expl. look www.netcat.it/download/SEClpd.c
>
> Thx To All
> Staff of www.netcat.it
--
"I may be a monkey, Crutcher Dunnavant
but I'm a monkey <[EMAIL PROTECTED]>
with ambition!" Red Hat OS Development
------------------------------
End of this Digest
******************
--
Raju Mathur [EMAIL PROTECTED] http://kandalaya.org/
------------------------------------------------
An alpha version of a web based tool to manage
your subscription with this mailing list is at
http://lists.linux-india.org/cgi-bin/mj_wwwusr
