On Wed, 3 Feb 1999, Denis Bucher wrote: > xnecat_private a écrit : > > There is a local root comprimise hole in PLP Line Printer Control program, > > version 4.0.3, which is SuSE 5.2's /usr/bin/lpc. Most other unices use a > > different version of lpc (including SuSE 5.1). > > Under an installation of SuSE 5.1, I found lpc 4.0.3 ! > Therefore I think 5.1 is not safe ! SuSE 5.3 and 6.0 appear not to suffer from this problem. Under 5.3: scan:/home/skarpen # rpm -qf /usr/sbin/lpc lprold-3.0.1-14 scan:/home/skarpen # /usr/sbin/lpc lpc> Under 6.0: root@grendel:~ > rpm -qf /usr/sbin/lpc lprold-3.0.1-37 root@grendel:~ > /usr/sbin/lpc lpc> Also, note that SuSE can install one of: PLP, 'classic' LPD, or LPRng. AFAIK the default os the 'classic' Berkeley LPD. (recent security-fixed version though) --Simon -- Simon Karpen slkat_private #include <std_disclaimer.h> My opinions are my own. Failure is not an option. It comes bundled with your Microsoft product. -- Ferenc Mantfeld
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:32:37 PDT