Alerts This Week
Warning Icon 1 758
Alerts This Week
Warning Icon 1 758

Red Hat 7.0: RHSA-2000:065-04 Critical: LPRng Root Access Risk

red hat
Calendar Grey October 4, 2000
Dist Redhat Esm H88
A critical weakness has been identified in LPRng, marked by a string manipulation issue that may allow elevation to root permissions via syslog tampering.
LPRng has a string format bug in the use_syslog function which could lead to root compromise.

Solution

For each RPM for your particular architecture, run:

rpm -Fvh [filename]

where filename is the name of the RPM.

5. Bug IDs fixed ( for more info):

17756 - Critical security hole in LPRng, remote root


6. RPMs required:

Red Hat Linux 7.0:

i386:


sources:


7. Verification:

MD5 sum Package Name c1fc795122b067dd9549aceb75bf5694 7.0/SRPMS/LPRng-3.6.24-2.src.rpm 05251e71ae5f2d2fdbc6611eea6f8651 7.0/i386/LPRng-3.6.24-2.i386.rpm

These packages are GPG signed by Red Hat, Inc. for security. Our key is available at:


You can verify each package with the following command: rpm --checksig

If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command: rpm --checksig --nogpg

Summary

References

Originally reported to bugtraq by Chris Evans <chris@scary.beasts.org> on 25 Sep, 2000. Copyright(c) 2000 Red Hat, Inc. `

Package List


Severity
critical
Lowest
Low
Medium
High
Critical

Advisory ID: RHSA-2000:065-04
Issue date: 2000-09-26
Updated on: 2000-10-04
Product: Red Hat Linux
Keywords: LPRng security lpd printing lpr syslog
Cross references: N/A

Topic

Relevant Releases Architectures

Red Hat Linux 7.0 - i386

Bugs Fixed

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here