Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » Multiple BSD Vendor lpd Buffer Overflow

Multiple BSD Vendor lpd Buffer Overflow

by Phiber on September 1st, 2001 The printer daemon must be properly configured to exploit this vulnerability. Some systems do not ship with the service enabled, such as OpenBSD and FreeBSD. On systems where the daemon is enabled, the attack must be launched from a host in the '/etc/hosts.equiv' or '/etc/hosts.lpd' files.


If exploited, remote attackers may be able to gain superuser access to vulnerable systems.


Solution:


BSDI BSD/OS 4.1:

BSDI patch 4.1 M410-044
http://www.BSDI.COM/services/support/patches/patches-4.1/M410-044

FreeBSD FreeBSD 4.2:

FreeBSD patch 3.x-4.2 lpd-3.x-4.2.patch
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:58/lpd-3.x-4.2.patch

FreeBSD FreeBSD 4.1.1:

FreeBSD patch 3.x-4.2 lpd-3.x-4.2.patch
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:58/lpd-3.x-4.2.patch

FreeBSD FreeBSD 4.1:

FreeBSD patch 3.x-4.2 lpd-3.x-4.2.patch
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:58/lpd-3.x-4.2.patch

FreeBSD FreeBSD 4.0:

FreeBSD patch 3.x-4.2 lpd-3.x-4.2.patch
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:58/lpd-3.x-4.2.patch

FreeBSD FreeBSD 3.5.1:

FreeBSD patch 3.x-4.2 lpd-3.x-4.2.patch
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:58/lpd-3.x-4.2.patch

FreeBSD FreeBSD 3.5:

FreeBSD patch 3.x-4.2 lpd-3.x-4.2.patch
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:58/lpd-3.x-4.2.patch

FreeBSD FreeBSD 3.4:

FreeBSD patch 3.x-4.2 lpd-3.x-4.2.patch
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:58/lpd-3.x-4.2.patch

FreeBSD FreeBSD 3.3:

FreeBSD patch 3.x-4.2 lpd-3.x-4.2.patch
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:58/lpd-3.x-4.2.patch

FreeBSD FreeBSD 3.2:

FreeBSD patch 3.x-4.2 lpd-3.x-4.2.patch
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:58/lpd-3.x-4.2.patch

FreeBSD FreeBSD 3.1:

FreeBSD patch 3.x-4.2 lpd-3.x-4.2.patch
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:58/lpd-3.x-4.2.patch

FreeBSD FreeBSD 3.0:

FreeBSD patch 3.x-4.2 lpd-3.x-4.2.patch
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:58/lpd-3.x-4.2.patch

FYI:

The BSD print protocol daemon, shipped with many systems, contains a remotely exploitable buffer overflow vulnerability. The daemon listens on TCP port 515 and facilitates printing over a network. It is often enabled by default.


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »