rlpr msg() Format String Error

2004-06-19T00:00:00
ID OSVDB:7195
Type osvdb
Reporter Jaguar (jaguar@felinemenace.org )
Modified 2004-06-19T00:00:00

Description

Vulnerability Description

rlpr contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered due to a format string error in the msg() function. This flaw may lead to a loss of integrity.

Solution Description

Upgrade to version 2.05 or higher, as it has been reported to fix this vulnerability. In addition, Debian has released a patch to address this vulnerability.

Short Description

rlpr contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered due to a format string error in the msg() function. This flaw may lead to a loss of integrity.

References:

Vendor URL: http://truffula.com/rlpr/ Secunia Advisory ID:11906 Secunia Advisory ID:11907 Related OSVDB ID: 7194 Other Advisory URL: http://www.debian.org/security/2004/dsa-524 Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2004-06/0626.html CVE-2004-0393