The following is the description of an errata issued 2000-09-26, it concerns the LPRng syslog format hole which is discovered anew once a week on bug-traq. Descrition: LPRng has a string format bug in the use_syslog function. This function returns user input in a string that is passed to the syslog() function as the format string. It is possible to corrupt the print daemon's execution with unexpected format specifiers, thus gaining root access to the computer. The vulnerability is theoretically exploitable both locally and remotely. The errata is published at: http://www.redhat.com/support/errata/RHSA-2000-065-06.html Please note that at the time of this errata's publication, no exploits were known to exist, and that LPRng's upstream maintainers fixed this problem with LPRng-3.6.25; thus, this problem was addressed in a timely manor by all parties involved, and has been solved since last September. ++ 30/12/00 11:08 +0100 - [EMAIL PROTECTED]: > This exploit compromise Redhat 7.0 box and it allows to gain the root.. > is very dangerous.. please RedHat.com release a patch!! > This expl take advantage of Lpd. > > For download this expl. look www.netcat.it/download/SEClpd.c > > Thx To All > Staff of www.netcat.it -- "I may be a monkey, Crutcher Dunnavant but I'm a monkey <[EMAIL PROTECTED]> with ambition!" Red Hat OS Development -------------------------------------------------------------------------- Utk berhenti langganan, kirim email ke [EMAIL PROTECTED] Informasi arsip di http://www.linux.or.id/milis.php3 Pengelola dapat dihubungi lewat [EMAIL PROTECTED]
