BSD lpr 0.54 -4 - Arbitrary Command Execution

BSD lpr 0.54 -4 - Arbitrary Command Execution source: https://www.securityfocus.com/bid/1834/info lpr is a set of printing tools for unix systems. The lpr package that ships with RedHat Linux 6.2 and possibly earlier versions contains a vulnerability that will allow an attacker to execute arbitra...

Серьезная дырка в LPR (PostScript shell execution & grog)

При печати PostScript документов выполняются shell-команды содержащиеся в документах, при этом не сбрасывается egid lp, что позволяет получить gid lp, кроме того, в отдельных случаях возможно получить root используя некорректный вызов к программе pic в grog...

CVE-1999-1062

HP Laserjet printers with JetDirect cards, when configured with TCP/IP, allow remote attackers to bypass print filters by directly sending PostScript documents to TCP ports 9099 and 9100...

Solaris 2.5.1 lp / lpsched - Symlink

!/bin/sh lpNet & temp file exploit: break lp, then use lp priv to break root or bin, etc.... Written by: Chris Sheldon [email protected] Tested on Solaris-2.5.1: SunOS testhost 5.5.1 Generic sun4m sparc SUNW,SPARCstation-20 Caveat: This system is running without patches. Sun released patch...