From: Ed Ravin (eravin_at_panix.com)
Date: Mon Oct 21 2002 - 17:21:44 CDT
NetBSD 1.6 is using groff 1.16.1, and 1.5.3+ has groff 1.10.
Is this on anyone's radar?
> - - --------------------------------------------------------------------
> GENTOO LINUX SECURITY ANNOUNCEMENT 200210-005
> - - --------------------------------------------------------------------
>
> PACKAGE: groff
> SUMMARY: buffer overflow
> DATE : 2002-10-19 19:30 UTC
>
> - - --------------------------------------------------------------------
>
> The groff preprocessor contains an exploitable buffer overflow. If
> groff can be invoked within the LPRng printing system, an attacker
> can gain rights as the "lp" user.
>
> Remote exploitation may be possible if lpd is running and is accessible
> remotely, and the attacker knows the name of the printer and spoolfile.
>
> SOLUTION
>
> It is recommended that all Gentoo Linux users who are running
> sys-apps/groff-1.17.2-r2 and earlier update their systems