EUVD-1999-0032

Malware in sbrugna...

NIPrint LPD-LPR Print Server String Handling Remote Overflow

A vulnerability in the NIPrint could allow an attacker to remotely overflow an internal buffer which could allow code execution. include"compat.inc"; ifdescription scriptid11926; scriptversion"1.17"; scriptcveid"CVE-2003-1141"; scriptbugtraqid8968; scriptnameenglish:"NIPrint LPD-LPR Print Server...

DSA-275 lpr-ppd - buffer overflow

Bulletin has no description...

DSA-267 lpr - buffer overflow

Bulletin has no description...

CVE-1999-1102

lpr on SunOS 4.1.1, BSD 4.3, A/UX 2.0.1, and other BSD-based operating systems allows local users to create or overwrite arbitrary files via a symlink attack that is triggered after invoking lpr 1000 times...

Серьезная дырка в LPR (PostScript shell execution & grog)

При печати PostScript документов выполняются shell-команды содержащиеся в документах, при этом не сбрасывается egid lp, что позволяет получить gid lp, кроме того, в отдельных случаях возможно получить root используя некорректный вызов к программе pic в grog...

BSD 'lpr' 0.54 -4 - Arbitrary Command Execution

source: https://www.securityfocus.com/bid/1834/info lpr is a set of printing tools for unix systems. The lpr package that ships with RedHat Linux 6.2 and possibly earlier versions contains a vulnerability that will allow an attacker to execute arbitrary commands with the privileges of group 'lp'...

SCO_lpr_vuln.txt

Subject: SCO 5.0.5 lpr local root exploit To: [email protected] Greetings, There is a hole in SCO 5.0.5, probably 5.0.x, /usr/bin/lpr. Or more accurately, /usr/lpd/remote/lp, which lpr execs and passes your command line args on to. This means that while /usr/bin/lpr is sgid lp, we'll stil...