Subject: Re: LPRng remote root exploit
From: Pekka Savola (pekkasNETCORE.FI)
Date: Fri Dec 15 2000 - 16:23:15 CST


On Fri, 15 Dec 2000, Matthew Connor wrote:

> >LPRng-3.6.22/23/24 remote root exploit, enjoy.
>
> Upon submission to RedHat, they replied:
>
> +------- Additional comments from droesenentire-systems.com 2000-12-15
> 11:13 -------
> +This is resolved long ago. There is an errata update for LPRng available.
> +
> +*** This bug has been marked as a duplicate of 17756 ***

And the problem with that is...?

See: http://www.redhat.com/support/errata/RHSA-2000-065-06.html

The working version is LPRng-3.6.24-2, released ~2.5 months ago. Newer
versions of LPRng weren't available at the time. As a matter of fact, it
was auditing [for RHL7] by Chris Evans that uncovered the bug in the first
place.

The upgrade is integrated with -respin ISO's, alongside the up2date and
several misc issues AFAIR.

--
Pekka Savola                    "Tell me of difficulties surmounted,
Netcore Oy                      not those you stumble over and fall"
Systems. Networks. Security.     -- Robert Jordan: A Crown of Swords