[ advisories | exploits | discussions | news | conventions | security tools | texts & papers ]
 main menu
- feedback
- advertising
- privacy
- FightAIDS
- newsletter
- news
 
 discussions
- read forum
- new topic
- search
 

 meetings
- meetings list
- recent additions
- add your info
 
 top 100 sites
- visit top sites
- sign up now
- members
 
 webmasters

- add your url
- add domain
- search box
- link to us

 
 projects
- our projects
- free email
 
 m4d network
- security software
- secureroot
- m4d.com
Home : Advisories : lpr - possible local root exploit

Title: lpr - possible local root exploit
Released by: Conectiva
Date: 5th October 2000
Printable version: Click here 
-----------------------------------------------------------------------

CONECTIVA LINUX SECURITY ANNOUNCEMENT

-----------------------------------------------------------------------



PACKAGE   : lpr

SUMMARY   : Possible local root exploit

DATE      : 2000-10-05 18:01:00

RELEVANT

RELEASES  : 4.0, 4.0es, 4.1, 4.2, 5.0, prg gráficos, ecommerce, 5.1



----------------------------------------------------------------------



DESCRIPTION

 There is a format bug in lpd in a syslog() call that could be used to

 obtain root access. The exploit would have to successfully inject

 format strings in a hostname to cause damage.





SOLUTION

 All users should upgrade to the updated packages.



 We would like to thank Chris Evans for spotting this problem

 elsewhere and bringing it up to the attention of the linux vendors.





DIRECT DOWNLOAD LINKS TO THE UPDATED PACKAGES

http://atualizacoes.conectiva.com.br/4.0/i386/lpr-0.50-6cl.i386.rpm

http://atualizacoes.conectiva.com.br/4.0/SRPMS/lpr-0.50-6cl.src.rpm

http://atualizacoes.conectiva.com.br/4.0es/i386/lpr-0.50-6cl.i386.rpm

http://atualizacoes.conectiva.com.br/4.0es/SRPMS/lpr-0.50-6cl.src.rpm

http://atualizacoes.conectiva.com.br/4.1/i386/lpr-0.50-6cl.i386.rpm

http://atualizacoes.conectiva.com.br/4.1/SRPMS/lpr-0.50-6cl.src.rpm

http://atualizacoes.conectiva.com.br/4.2/i386/lpr-0.50-6cl.i386.rpm

http://atualizacoes.conectiva.com.br/4.2/SRPMS/lpr-0.50-6cl.src.rpm

http://atualizacoes.conectiva.com.br/5.0/i386/lpr-0.50-6cl.i386.rpm

http://atualizacoes.conectiva.com.br/5.0/SRPMS/lpr-0.50-6cl.src.rpm

http://atualizacoes.conectiva.com.br/5.1/i386/lpr-0.50-6cl.i386.rpm

http://atualizacoes.conectiva.com.br/5.1/SRPMS/lpr-0.50-6cl.src.rpm

http://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/lpr-0.50-6cl.i386.rpm

http://atualizacoes.conectiva.com.br/ferramentas/ecommerce/SRPMS/lpr-0.50-6cl.src.rpm

http://atualizacoes.conectiva.com.br/ferramentas/graficas/i386/lpr-0.50-6cl.i386.rpm

http://atualizacoes.conectiva.com.br/ferramentas/graficas/SRPMS/lpr-0.50-6cl.src.rpm





----------------------------------------------------------------------



All packages are signed with Conectiva's GPG key. The key can be

obtained at http://www.conectiva.com.br/contato



----------------------------------------------------------------------

subscribe: atualizacoes-anuncio-subscribe@bazar.conectiva.com.br

unsubscribe: atualizacoes-anuncio-unsubscribe@bazar.conectiva.com.br






(C) 1999-2000 All rights reserved.