Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Bugtraq> 1996_4

Bugtraq archives for 4th quarter (Oct-Dec) 1996: Re: Linux & BSD's lpr exploit

Re: Linux & BSD's lpr exploit

UDNet Security (securityieee.udistrital.edu.co)
Fri, 25 Oct 1996 13:33:30 -0500

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: bmanningISI.EDU: "Re: your mail"
Previous message: David Holland: "Re: Linux & BSD's lpr exploit"
In reply to: Vadim Kolontsov: "BoS: Linux & BSD's lpr exploit"
Next in thread: Capitan: "Re: Linux & BSD's lpr exploit"

lpr bug was tested in linux 2.1.5 kernel .... Distribution Slackware 96

This configuration is vulnerable.

ieee:security~# uname -a
Linux ieee 2.1.5 #3 Sat Oct 19 13:34:54 EST 1986 i486
ieee:security~# ./lpr
bash# id
uid=(503)security gid=100(users) euid=0(root) egid=7(lp) groups=100(users)
bash#



Workaraound:
I do a chmod -s /usr/bin/lpr .. it works fine, but then users cannot
print;

The patch works fine too.


Gustavo Lozano.

Next message: bmanningISI.EDU: "Re: your mail"
Previous message: David Holland: "Re: Linux & BSD's lpr exploit"
In reply to: Vadim Kolontsov: "BoS: Linux & BSD's lpr exploit"
Next in thread: Capitan: "Re: Linux & BSD's lpr exploit"