[prev in list] [next in list] [prev in thread] [next in thread] 

List:       bugtraq
Subject:    Re: Linux & BSD's lpr exploit
From:       Elliot Lee <sopwith () cuc ! edu>
Date:       1996-10-31 19:55:48
[Download RAW message or body]

On Wed, 30 Oct 1996, Capitan wrote:

> I tried to use the lpr exploit on my machine which runs Redhat 4.0.
> It says "lpr: lp: unknown printer".  It is setuid.  I was wondering if you
> could set lp so that the program would work.  You could do it by
> enviroment variable, but what would you set it to if there isn't a printer
> for the machine.  Is it just not possible for the bug to work on Redhat
> 4.0?  I would hate for one of my users to find a way to exploit it after i
> thought it was safe.   My kernel version is 2.0.23, but I'm going to
> upgrade it to 2.0.24 tonight.

There is an update out for lpr - run the following command as root,
and stop and start lpr, to fix:
rpm -Uvh \
ftp://ftp.redhat.com/pub/redhat/redhat-4.0/updates/i386/lpr-0.12-1.i386.rpm

Personally I think the world should start using LPRng (which doesn't need
things to be setUID at all, and is more secure in other aspects as well)
but again, that's just my opinion :)

-- Elliot

A: "Talk about stupidity!"
B: "Who, you?"
A: "No, me!"

[prev in list] [next in list] [prev in thread] [next in thread]