[3585] in bugtraq
Re: Linux & BSD's lpr exploit
daemon@ATHENA.MIT.EDU (Elliot Lee)
Sat Nov 2 05:41:36 1996
Date: Thu, 31 Oct 1996 19:55:48 -0500
Reply-To: Elliot Lee <sopwith@cuc.edu>
From: Elliot Lee <sopwith@cuc.edu>
X-To: Capitan <capitan@sunset.backbone.olemiss.edu>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@netspace.org>
In-Reply-To: <Pine.SGI.3.95.961030164641.24067B-100000@sunset.backbone.olemiss.edu>
On Wed, 30 Oct 1996, Capitan wrote:
> I tried to use the lpr exploit on my machine which runs Redhat 4.0.
> It says "lpr: lp: unknown printer". It is setuid. I was wondering if you
> could set lp so that the program would work. You could do it by
> enviroment variable, but what would you set it to if there isn't a printer
> for the machine. Is it just not possible for the bug to work on Redhat
> 4.0? I would hate for one of my users to find a way to exploit it after i
> thought it was safe. My kernel version is 2.0.23, but I'm going to
> upgrade it to 2.0.24 tonight.
There is an update out for lpr - run the following command as root,
and stop and start lpr, to fix:
rpm -Uvh \
ftp://ftp.redhat.com/pub/redhat/redhat-4.0/updates/i386/lpr-0.12-1.i386.rpm
Personally I think the world should start using LPRng (which doesn't need
things to be setUID at all, and is more secure in other aspects as well)
but again, that's just my opinion :)
-- Elliot
A: "Talk about stupidity!"
B: "Who, you?"
A: "No, me!"
