[3584] in bugtraq
Re: Linux & BSD's lpr exploit
daemon@ATHENA.MIT.EDU (Capitan)
Thu Oct 31 19:58:19 1996
Date: Wed, 30 Oct 1996 16:54:01 -0600
Reply-To: Capitan <capitan@sunset.backbone.olemiss.edu>
From: Capitan <capitan@sunset.backbone.olemiss.edu>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@NETSPACE.ORG>
In-Reply-To: <Pine.LNX.3.93.961025131724.466B-100000@ieee.udistrital.edu.co>
I tried to use the lpr exploit on my machine which runs Redhat 4.0.
It says "lpr: lp: unknown printer". It is setuid. I was wondering if you
could set lp so that the program would work. You could do it by
enviroment variable, but what would you set it to if there isn't a printer
for the machine. Is it just not possible for the bug to work on Redhat
4.0? I would hate for one of my users to find a way to exploit it after i
thought it was safe. My kernel version is 2.0.23, but I'm going to
upgrade it to 2.0.24 tonight.
Do I not need to worry about this bug? any help is appreciated.
Mark Nicholas
