Re: Nasty security hole in "lprm"

From: Ross Harvey (rossat_private)
Date: Mon Apr 20 1998 - 11:29:57 PDT

Next message: The Tree of Life: "nestea v2. The program that DoS's 2.0.33s"

Previous message: Michal Zalewski: "Linux 2.0.33 vulnerability: oversized packets"
Maybe in reply to: Chris Evans: "Nasty security hole in "lprm""
Next in thread: Dima Ruban: "Re: Nasty security hole in "lprm""
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> > I've found a local->root compromise in the lprm program, as shipped
> > RedHat4.2 and RedHat5.0. Other systems untested.
>
> ...yes OpenBSD fixed it long ago.

NetBSD incorporated the fixed-up BSD lpr system over six months ago,
and the fixed-up version is in the NetBSD 1.3 release.

Next message: The Tree of Life: "nestea v2. The program that DoS's 2.0.33s"
Previous message: Michal Zalewski: "Linux 2.0.33 vulnerability: oversized packets"
Maybe in reply to: Chris Evans: "Nasty security hole in "lprm""
Next in thread: Dima Ruban: "Re: Nasty security hole in "lprm""
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:49:44 PDT