Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » Multiple vendor lprm buffer overflow

Multiple vendor lprm buffer overflow

by Mario Miri on April 8th, 2003 Multiple vendor lprm utility is prone to buffer overflow attack. Maliciously crafted string send to lprm as a normal request may be used to execute arbitrary code.


Vulnerable:
BSD lpr 2000.05.07
BSD lpr 0.48
FreeBSD 2.2
FreeBSD 2.2.2
FreeBSD 2.2.3
FreeBSD 2.2.4
FreeBSD 2.2.5
FreeBSD 2.2.6
lpr-ppd 0.72
lprold 3.0.48
OpenBSD 2.0
OpenBSD 2.1
OpenBSD 2.2
OpenBSD 2.3
OpenBSD 2.4
OpenBSD 2.5
OpenBSD 2.6
OpenBSD 2.7
OpenBSD 2.8
OpenBSD 2.9
OpenBSD 3.0
OpenBSD 3.1
OpenBSD 3.2


Solution:
Debian, S.u.S.E., OpenBSD have released patches. Check your local version of the software and act appropriately.


Exploit / Proof of concept:
http://download.xatrix.org/prf/lprm1.txt
http://download.xatrix.org/prf/lprm2.txt


Discovered by:
Niall Smart, [email protected]


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »