
Debian DSA 524-1 Critical: Rlpr Format String And Overflow Exploits

June 21, 2004
Debian Security Advisory DSA 524-1

Summary

jaguar@felinemenace.org discovered a format string vulnerability in
rlpr, a utility for lpd printing without using /etc/printcap. While
investigating this vulnerability, a buffer overflow was also
discovered in related code. By exploiting one of these
vulnerabilities, a local or remote user could potentially cause
arbitrary code to be executed with the privileges of 1) the rlprd
process (remote), or 2) root (local).

CAN-2004-0393: format string vulnerability via syslog(3) in msg()
function in rlpr

CAN-2004-0454: buffer overflow in msg() function in rlpr
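
The two entries above name a bug class without showing it. As an added illustration (not rlpr's source and not part of the advisory), this C example puts the typical vulnerable shape of a logging helper in a comment, next to a bounded, fixed-format version; msg_format(), msg_log(), MSG_MAX and the sample inputs are hypothetical names and values constructed here.

```c
/* Added illustration of the bug classes named in CAN-2004-0393 and
 * CAN-2004-0454. Not rlpr's code; all names here are hypothetical. */
#include <stdarg.h>
#include <stdio.h>
#include <string.h>
#include <syslog.h>

#define MSG_MAX 64  /* constructed size, small so truncation is easy to see */

/* Typical vulnerable shape (comment only, not taken from rlpr):
 *     char buf[MSG_MAX];
 *     vsprintf(buf, fmt, ap);   -- no bound: long input overruns buf
 *     syslog(LOG_ERR, buf);     -- buf is reused as a format string
 */

/* Bounded formatting: returns 1 if the message was truncated, else 0. */
int msg_format(char *out, size_t outlen, const char *fmt, ...)
{
    va_list ap;
    int n;

    va_start(ap, fmt);
    n = vsnprintf(out, outlen, fmt, ap);  /* NUL-terminates when outlen > 0 */
    va_end(ap);
    return n < 0 || (size_t)n >= outlen;
}

/* Logs untrusted text as data; the syslog format is a fixed literal. */
int msg_log(const char *untrusted)
{
    char buf[MSG_MAX];
    int truncated = msg_format(buf, sizeof buf, "msg: %s", untrusted);

    syslog(LOG_ERR, "%s", buf);  /* never syslog(LOG_ERR, buf) */
    return truncated;
}

int main(void)
{
    char big[512];  /* constructed oversized input */
    memset(big, 'A', sizeof big - 1);
    big[sizeof big - 1] = '\0';

    printf("specifiers logged literally, truncated=%d\n", msg_log("%x%x%n"));
    printf("oversized input, truncated=%d\n", msg_log(big));
    return 0;
}
```

Building with `-Wformat -Wformat-security` makes the compiler flag calls where a non-literal string is passed as the format argument.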

For the current stable distribution (woody), this problem has been
fixed in version 2.02-7woody1.

For the unstable distribution (sid), this problem will be fixed soon.

We recommend that you update your rlpr package.

Upgrade Instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

a...


Severity: critical

Package: rlpr
