Title: Multiple Vendor LPRng User-Supplied Format String Vulnerability
Severity: MODERATE
Description:
LPRng is an implementation of the Berkeley lpr print spooling utility.
LPRng contains a function, use_syslog(), that returns user input to a string in LPRng that is passed to syslog() as the format string. As a result, it is possible to corrupt the program's flow of execution by entering malicious format specifiers. In testing this has been exploited to remotely elevate privileges.
This vulnerability was tested on RedHat 7.0. Earlier versions are likely also be vulnerable, as well as other operating systems which ship with LPRng.
(Please see http://www.redhat.com/support/errata/RHSA-2000-065-06.html for links to updated i386 and source packages.)
If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.
Affected Products:
- Caldera OpenLinux Desktop 2.3.0
- Caldera OpenLinux eBuilder 3.0.0
- RedHat Linux 7.0.0
- SCO eDesktop 2.4.0
- SCO eServer 2.3.0
- Trustix Trustix Secure Linux 1.0.0
- Trustix Trustix Secure Linux 1.1.0
References:
- AStArt Technologies: LPRng Web Page
- CORE Security: LPRng format string exploit
- RedHat: LPRng errata
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
