• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Multiple Vendor lpr Format String Vulnerability

Solution:
As part of their "format strings" audit, OpenBSD have independently discovered and corrected this vulnerability in their CVS.

This was fixed in NetBSD within the last 17 hours. http://cvsweb.netbsd.org/bsdweb.cgi/basesrc/usr.sbin/lpr/lpd/printjob.c

RedHat:

For each RPM for your particular architecture, run:

rpm -Fvh [filename]

where filename is the name of the RPM.

RPMs required:

Red Hat Linux 5.2:

alpha:
ftp://updates.redhat.com/5.2/alpha/lpr-0.50-7.5.x.alpha.rpm

sparc:
ftp://updates.redhat.com/5.2/sparc/lpr-0.50-7.5.x.sparc.rpm

i386:
ftp://updates.redhat.com/5.2/i386/lpr-0.50-7.5.x.i386.rpm

sources:
ftp://updates.redhat.com/5.2/SRPMS/lpr-0.50-7.5.x.src.rpm

Red Hat Linux 6.x:

alpha:
ftp://updates.redhat.com/6.2/alpha/lpr-0.50-7.6.x.alpha.rpm

sparc:
ftp://updates.redhat.com/6.2/sparc/lpr-0.50-7.6.x.sparc.rpm

i386:
ftp://updates.redhat.com/6.2/i386/lpr-0.50-7.6.x.i386.rpm

sources:
ftp://updates.redhat.com/6.2/SRPMS/lpr-0.50-7.6.x.src.rpm

Immunix:

packages for this update for Immunix OS 6.2 (StackGuarded versions of the RedHat packages.) They can be found at:

http://immunix.org:8080/ImmunixOS/6.2/updates/RPMS/lpr-0.50-7_StackGuard.i386.rpm

or

http://www.immunix.org:8080/ImmunixOS/6.2/updates/SRPMS/lpr-0.50-7_StackGuard.src.rpm

md5sums of the packages:
5f08dd8fadc05e71bbdafad6b2744dc8 lpr-0.50-7_StackGuard.i386.rpm
641637b987c94c9d3644946e4b006007 lpr-0.50-7_StackGuard.src.rpm

Mandrake:

Linux-Mandrake 6.0:
d19963294f539c64a4e852fb3f1f8c89 6.0/RPMS/lpr-0.50-3mdk.i586.rpm
6026033d4fe19be43694a653d495af0a 6.0/SRPMS/lpr-0.50-3mdk.src.rpm

Linux-Mandrake 6.1:
128b012e397473163c1e2c1ed4b78806 6.1/RPMS/lpr-0.50-3mdk.i586.rpm
6026033d4fe19be43694a653d495af0a 6.1/SRPMS/lpr-0.50-3mdk.src.rpm

Linux-Mandrake 7.0:
0ce870aa142c3482bdd0ad7b72a422c1 7.0/RPMS/lpr-0.50-3mdk.i586.rpm
6026033d4fe19be43694a653d495af0a 7.0/SRPMS/lpr-0.50-3mdk.src.rpm

Linux-Mandrake 7.1:
6d82c047a905fea7edecc9bed347eae0 7.1/RPMS/lpr-0.50-3mdk.i586.rpm
6026033d4fe19be43694a653d495af0a 7.1/SRPMS/lpr-0.50-3mdk.src.rpm


Wirex Immunix OS 6.2

• Wirex 6.2 I386 lpr-0.50-7.6.x_StackGuard.i386.rpm
  http://immunix.org/ImmunixOS/6.2/updates/RPMS/lpr-0.50-7.6.x_StackGuar d.i386.rpm