Theo de Raadt and I spent some time back in 1997, when I worked for SNI, identifying and fixing these vulnerabilities in the BSD-derived lpd subsystem. All of the problems disclosed in the original SNI advisory (now NAI) and the current l0pht advisory were solved at that point (in the OpenBSD version). The original advisory can be found at:

http://www.nai.com/nai_labs/asp_set/advisory/20_bsd_lpd_adv.asp

At the point of the original advisory, more people started reviewing lpd, and I believe even more problems were fixed, including a multitude of buffer overflows. Many other vendors were found to be vulnerable to these problems as well, and as many as possible were contacted. At one point I'm sure that the general Linux lpd was also updated, but obviously this was lost somewhere in time (and I don't know how Red Hat decides what to use).

Since most lpd implementations out there (in commercial operating systems) are based on the BSD lpd, I would have no problem assuming that many of these are still vulnerable. In fact, I would suggest someone sit down and review the changes made to the OpenBSD lpd, and make sure that Red Hat is up to date in that respect, even after this latest patch.

Oliver
securityfocus.com