[3571] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: Linux & BSD's lpr exploit

daemon@ATHENA.MIT.EDU (David Holland)
Fri Oct 25 17:56:28 1996

Date: 	Fri, 25 Oct 1996 14:18:10 -0400
Reply-To: David Holland <dholland@eecs.harvard.edu>
From: David Holland <dholland@eecs.harvard.edu>
X-To:         vadim@tversu.ac.ru
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@netspace.org>
In-Reply-To:  <Pine.NEB.3.95.961025163139.5903B-100000@mailserv.tversu.ac.ru>
              from "Vadim Kolontsov" at Oct 25, 96 04:35:57 pm

 >   there is a bug in berkeley-derived lpr, which allows attacker to get
 > root access (see freebsd-security for details). Here is exploit for Linux
 > (tested on 2.0.20), for BSD (tested on FreeBSD 2.1) and a patch.

lpr has been officially deprecated in Linux in favor of plp/LPRng
since July. The primary motivating factor in this decision was the
large number of security problems with lpr.

--
   - David A. Holland             |    VINO project home page:
     dholland@eecs.harvard.edu    | http://www.eecs.harvard.edu/vino


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[3571] in bugtraq

Re: Linux & BSD's lpr exploit

daemon@ATHENA.MIT.EDU (David Holland)Fri Oct 25 17:56:28 1996

daemon@ATHENA.MIT.EDU (David Holland)
Fri Oct 25 17:56:28 1996