Multiple Vendor LPRng User-Supplied Format String Vulnerability

LPRng is an implementation of the Berkeley lpr print spooling utility.

LPRng contains a function, use_syslog(), that returns user input to a string in LPRng that is passed to syslog() as the format string. As a result, it is possible to corrupt the program's flow of execution by entering malicious format specifiers. In testing this has been exploited to remotely elevate privileges.

This vulnerability was tested on RedHat 7.0. Earlier versions are likely also be vulnerable, as well as other operating systems which ship with LPRng.

(Please see for links to updated i386 and source packages.)

If you feel we are in error or are aware of more recent information, please mail us at:


Privacy Statement
Copyright 2010, SecurityFocus