Multiple Vendor LPRng User-Supplied Format String Vulnerability
LPRng is an implementation of the Berkeley lpr print spooling utility.
LPRng contains a function, use_syslog(), that returns user input to a string in LPRng that is passed to syslog() as the format string. As a result, it is possible to corrupt the program's flow of execution by entering malicious format specifiers. In testing this has been exploited to remotely elevate privileges.
This vulnerability was tested on RedHat 7.0. Earlier versions are likely also be vulnerable, as well as other operating systems which ship with LPRng.
(Please see http://www.redhat.com/support/errata/RHSA-2000-065-06.html for links to updated i386 and source packages.)
If you feel we are in error or are aware of more recent information, please mail us at: firstname.lastname@example.org.