• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Multiple BSD Vendor lpd Buffer Overflow Vulnerability

Solution:
WindRiver has released a fix for BSD/OS version 4.1.

Patches will be available from other affected vendors soon.

Security Focus recommends disabling the service or blocking outside access to it immediately. This may be accomplished by terminating the processes/disabling the service on the affected hosts or implementing strict network access controls limiting access to the service.

Currently the SecurityFocus staff are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com <mailto:vuldb@securityfocus.com>.


FreeBSD FreeBSD 3.0

• FreeBSD 3.x-4.2 lpd-3.x-4.2.patch
  ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:58/lpd-3.x-4.2.pa tch

FreeBSD FreeBSD 3.1

• FreeBSD 3.x-4.2 lpd-3.x-4.2.patch
  ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:58/lpd-3.x-4.2.pa tch

FreeBSD FreeBSD 3.2

• FreeBSD 3.x-4.2 lpd-3.x-4.2.patch
  ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:58/lpd-3.x-4.2.pa tch

FreeBSD FreeBSD 3.3

• FreeBSD 3.x-4.2 lpd-3.x-4.2.patch
  ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:58/lpd-3.x-4.2.pa tch

FreeBSD FreeBSD 3.4

• FreeBSD 3.x-4.2 lpd-3.x-4.2.patch
  ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:58/lpd-3.x-4.2.pa tch

FreeBSD FreeBSD 3.5

• FreeBSD 3.x-4.2 lpd-3.x-4.2.patch
  ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:58/lpd-3.x-4.2.pa tch

FreeBSD FreeBSD 3.5.1

• FreeBSD 3.x-4.2 lpd-3.x-4.2.patch
  ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:58/lpd-3.x-4.2.pa tch

FreeBSD FreeBSD 4.0

• FreeBSD 3.x-4.2 lpd-3.x-4.2.patch
  ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:58/lpd-3.x-4.2.pa tch

BSDI BSD/OS 4.1

• BSDI 4.1 M410-044
  http://www.BSDI.COM/services/support/patches/patches-4.1/M410-044

FreeBSD FreeBSD 4.1

• FreeBSD 3.x-4.2 lpd-3.x-4.2.patch
  ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:58/lpd-3.x-4.2.pa tch

FreeBSD FreeBSD 4.1.1

• FreeBSD 3.x-4.2 lpd-3.x-4.2.patch
  ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:58/lpd-3.x-4.2.pa tch

FreeBSD FreeBSD 4.2

• FreeBSD 3.x-4.2 lpd-3.x-4.2.patch
  ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:58/lpd-3.x-4.2.pa tch

SCO Open Server 5.0.1

• Caldera Open Server 5 lpd.tar.Z
  ftp://stage.caldera.com/pub/security/openserver/CSSA-2001-SCO.20/lpd.t ar.Z

SCO Open Server 5.0.2

• Caldera Open Server 5 lpd.tar.Z
  ftp://stage.caldera.com/pub/security/openserver/CSSA-2001-SCO.20/lpd.t ar.Z

SCO Open Server 5.0.3

• Caldera Open Server 5 lpd.tar.Z
  ftp://stage.caldera.com/pub/security/openserver/CSSA-2001-SCO.20/lpd.t ar.Z

SCO Open Server 5.0.4

• Caldera Open Server 5 lpd.tar.Z
  ftp://stage.caldera.com/pub/security/openserver/CSSA-2001-SCO.20/lpd.t ar.Z

SCO Open Server 5.0.5

• Caldera Open Server 5 lpd.tar.Z
  ftp://stage.caldera.com/pub/security/openserver/CSSA-2001-SCO.20/lpd.t ar.Z

SCO Open Server 5.0.6 a

• Caldera Open Server 5 lpd.tar.Z
  ftp://stage.caldera.com/pub/security/openserver/CSSA-2001-SCO.20/lpd.t ar.Z

SCO Open Server 5.0.6

• Caldera Open Server 5 lpd.tar.Z
  ftp://stage.caldera.com/pub/security/openserver/CSSA-2001-SCO.20/lpd.t ar.Z

S.u.S.E. Linux 6.3

• S.u.S.E. 6.3 i386 lprold-3.0.48-275.i386.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/6.3/n1/lprold-3.0.48-275.i386. rpm

S.u.S.E. Linux 6.3 alpha

• S.u.S.E. 6.3 alpha lprold-3.0.48-215.alpha.rpm
  ftp://ftp.suse.com/pub/suse/axp/update/6.3/n1/lprold-3.0.48-215.alpha. rpm

S.u.S.E. Linux 6.4 ppc

• S.u.S.E. 6.4 ppc lprold-3.0.48-200.ppc.rpm
  ftp://ftp.suse.com/pub/suse/ppc/update/6.4/n1/lprold-3.0.48-200.ppc.rp m

S.u.S.E. Linux 6.4 alpha

• S.u.S.E. 6.4 alpha lprold-3.0.48-215.alpha.rpm
  ftp://ftp.suse.com/pub/suse/axp/update/6.4/n1/lprold-3.0.48-215.alpha. rpm

S.u.S.E. Linux 6.4

• S.u.S.E. 6.4 i386 lprold-3.0.48-275.i386.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/6.4/n1/lprold-3.0.48-275.i386. rpm

S.u.S.E. Linux 7.0 ppc

• S.u.S.E. 7.0 ppc lprold-3.0.48-200.ppc.rpm
  ftp://ftp.suse.com/pub/suse/ppc/update/7.0/n1/lprold-3.0.48-200.ppc.rp m

S.u.S.E. Linux 7.0

• S.u.S.E. 7.0 i386 lprold-3.0.48-275.i386.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/7.0/n1/lprold-3.0.48-275.i386. rpm

S.u.S.E. Linux 7.0 sparc

• S.u.S.E. 7.0 sparc lprold-3.0.48-216.sparc.rpm
  ftp://ftp.suse.com/pub/suse/sparc/update/7.0/n1/lprold-3.0.48-216.spar c.rpm

S.u.S.E. Linux 7.0 alpha

• S.u.S.E. 6.4 alpha lprold-3.0.48-215.alpha.rpm
  ftp://ftp.suse.com/pub/suse/axp/update/6.4/n1/lprold-3.0.48-215.alpha. rpm


• S.u.S.E. 7.0 alpha lprold-3.0.48-215.alpha.rpm
  ftp://ftp.suse.com/pub/suse/axp/update/7.0/n1/lprold-3.0.48-215.alpha. rpm

S.u.S.E. Linux 7.1 x86

• S.u.S.E. 7.1 i386 lprold-3.0.48-275.i386.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/7.1/n1/lprold-3.0.48-275.i386. rpm

S.u.S.E. Linux 7.1 sparc

• S.u.S.E. 7.1 sparc lprold-3.0.48-216.sparc.rpm
  ftp://ftp.suse.com/pub/suse/sparc/update/7.1/n1/lprold-3.0.48-216.spar c.rpm

S.u.S.E. Linux 7.1 ppc

• S.u.S.E. 7.1 ppc lprold-3.0.48-200.ppc.rpm
  ftp://ftp.suse.com/pub/suse/ppc/update/7.1/n1/lprold-3.0.48-200.ppc.rp m

S.u.S.E. Linux 7.1 alpha

• S.u.S.E. 7.1 alpha lprold-3.0.48-215.alpha.rpm
  ftp://ftp.suse.com/pub/suse/axp/update/7.1/n1/lprold-3.0.48-215.alpha. rpm

S.u.S.E. Linux 7.2

• S.u.S.E. 7.2 i386 lprold-3.0.48-272.i386.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/7.2/n1/lprold-3.0.48-272.i386. rpm