October 10, 2001

SuSE advisory: lprold buffer overflow and privilege escalation issues

Author: JT Smith

From an advisory posted at LinuxSecurity.com: "ISS X-Force reported an overflow in BSD's lineprinter daemon shipped with
the lprold package in SuSE Linux. Due to missing bounds checks in the
lockfile processing function, internal buffers may overflow. Bounds checks
have been added to fix that problem.
Additionally, the SuSE Security Team uncovered other security-related bugs
in lpd while analyzing lpd source after receiving the X-Force advisory.
These bugs allow users on machines listed in /etc/hosts.lpd or
/etc/hosts.equiv to chown any file on the system running lpd to any user.
In order to trigger any of the fixed bugs (including the overflow) the
attacker's machine must be listed in one of these two access-files and the
attacker usually needs root on these machines due to the privileged-port


