January 31, 2001

Security update to LPRng

Author: JT Smith

Posted at LWN.net: The LPRng port, versions prior to 3.6.26, contains a potential vulnera-
bility which may allow root compromise from both local and remote systems.
The vulnerability is due to incorrect usage of the syslog(3) function.
Local and remote users can send string-formatting operators to the print-
er daemon to corrupt the daemon's execution, potentially gaining root


  • Linux
Click Here!