107 matches found
CVE-2000-1208
CVE-2000-1208 affects BSD-based lpr/lpd (print subsystem). It is a format-string vulnerability in startprinting() inside printjob.c that can allow local privilege escalation via a faulty syslog call using strings from checkremote(). The vulnerability is tied to the lpr/lpd package and has been ad...
CVE-1999-1102
The CVE-1999-1102 entry concerns lpr on SunOS 4.1.1, BSD 4.3, A/UX 2.0.1 and other BSD-based systems. The vulnerability arises from a symlink-related attack in lpr that enables local users to create or overwrite arbitrary files after the program is invoked 1000 times. Root cause is a symlink hand...
CVE-1999-1102
lpr on SunOS 4.1.1, BSD 4.3, A/UX 2.0.1, and other BSD-based operating systems allows local users to create or overwrite arbitrary files via a symlink attack that is triggered after invoking lpr 1000 times...
redhat.lpr.txt
details of an exploit agains lpr-0.50-4 at least also affects other systems that may have the same print filters URL : http://crash.ihug.co.nz/Sneuro/lpd-adv.txt AFFECTS : lpr-0.50-4 & earlier SEVERITY : local ROOT possible. SYNOPSIS : escalation of group permissions, leading to exploit for every...
lpd: elevated privs - sometimes root
details of an exploit agains lpr-0.50-4 at least also affects other systems that may have the same print filters URL : http://crash.ihug.co.nz/Sneuro/lpd-adv.txt AFFECTS : lpr-0.50-4 & earlier SEVERITY : local ROOT possible. SYNOPSIS : escalation of group permissions, leading to exploit for every...
BSD 'lpr' 0.54 -4 - Arbitrary Command Execution
source: https://www.securityfocus.com/bid/1834/info lpr is a set of printing tools for unix systems. The lpr package that ships with RedHat Linux 6.2 and possibly earlier versions contains a vulnerability that will allow an attacker to execute arbitrary commands with the privileges of group 'lp'...
Серьезная дырка в LPR (PostScript shell execution & grog)
При печати PostScript документов выполняются shell-команды содержащиеся в документах, при этом не сбрасывается egid lp, что позволяет получить gid lp, кроме того, в отдельных случаях возможно получить root используя некорректный вызов к программе pic в grog...
BSD lpr 0.54 -4 - Arbitrary Command Execution
BSD lpr 0.54 -4 - Arbitrary Command Execution source: https://www.securityfocus.com/bid/1834/info lpr is a set of printing tools for unix systems. The lpr package that ships with RedHat Linux 6.2 and possibly earlier versions contains a vulnerability that will allow an attacker to execute arbitra...
Дырка в LPRng и lpr.
Ошибка форматной строки в lpd, причем последний работает как suid root. Кроме того ошибки форматной строки и преобразования данных в lpr...
Дырки в LPR-утилитах BSD
Ошибка форматной строки...
Format strings: bug #1: BSD-lpr
Hi, INTRO ----- Welcome to a short series of security bugs, all involving mistakes with "user supplied format strings". This class of bug is very popular on Bugtraq at the moment, so what an ideal time for a few examples. BSD-lpr ------- If we look into lpr/lpd/printjob.c, we can find the followi...
[SECURITY] New version of lpr released
Package: lpr Vulnerability type: remote exploit Debian-specific: no The version of lpr that was distributed with Debian GNU/Linux 2.1 and the updated version released in 2.1r4 have a two security problems: the client hostname wasnt verified properly, so if someone is able to control the DNS entry...
[SECURITY] New version of lpr released
------------------------------------------------------------------------ Debian Security Advisory [email protected] http://www.debian.org/security/ Wichert Akkerman January 9, 2000 - ------------------------------------------------------------------------ Package: lpr Vulnerability type: remote...
CVE-2000-1221
The line printer daemon lpd in the lpr package in multiple Linux operating systems authenticates by comparing the reverse-resolved hostname of the local machine to the hostname of the print server as returned by gethostname, which allows remote attackers to bypass intended access controls by...
DEBIAN-CVE-2000-1220
The line printer daemon lpd in the lpr package in multiple Linux operating systems allows local users to gain root privileges by causing sendmail to execute with arbitrary command line arguments, as demonstrated using the -C option to specify a configuration file...
CVE-1999-1102
lpr on SunOS 4.1.1, BSD 4.3, A/UX 2.0.1, and other BSD-based operating systems allows local users to create or overwrite arbitrary files via a symlink attack that is triggered after invoking lpr 1000 times...
[SECURITY] New versions of lpr released
The version of lpr that was distributed with Debian GNU/Linux 2.1 suffers from a couple of problems: there was a race in lpr that could be exploited by users to print files they can not normally read lpd did not check permissions of queue-files. As a result by using the -s flag it could be tricke...
[SECURITY] New versions of lpr released
------------------------------------------------------------------------ Debian Security Advisory [email protected] http://www.debian.org/security/ Wichert Akkerman October 30, 1999 - ------------------------------------------------------------------------ The version of lpr that was...
SCO_lpr_vuln.txt
Subject: SCO 5.0.5 lpr local root exploit To: [email protected] Greetings, There is a hole in SCO 5.0.5, probably 5.0.x, /usr/bin/lpr. Or more accurately, /usr/lpd/remote/lp, which lpr execs and passes your command line args on to. This means that while /usr/bin/lpr is sgid lp, we'll stil...
[SECURITY] Current versions of lpr fixes security problem
We have received reports that buffer overflows in lprm may allow users to gain root access to the local system. We recommend that you use the binaries from hamm or any newer release. dpkg -i file.deb will install the referred file. Debian GNU/Linux 2.0 alias hamm Source archives:...