Author: JT Smith
NetBSD: There is an remotely exploitable buffer overrun in the printer daemon,
/usr/sbin/lpd. Remote root compromise from any host which can connect to lpd(8).
/usr/sbin/lpd. Remote root compromise from any host which can connect to lpd(8).
NetBSD Security Advisory 2001-018
=================================
Topic: Remote Buffer Overflow Vulnerability in BSD Line Printer Daemon
Version: NetBSD-current: prior to August 28, 2001
NetBSD-1.5.2: affected
NetBSD-1.5.1: affected
NetBSD-1.5: affected
NetBSD-1.4.*: affected
Severity: Remote root compromise from any host which can connect to lpd(8)
Fixed: NetBSD-current: August 28, 2001
NetBSD-1.5 branch: September 30, 2001
NetBSD-1.4 branch: not yet
Abstract
========
There is an remotely exploitable buffer overrun in the printer daemon,
/usr/sbin/lpd.
Technical Details
=================
http://msgs.securepoint.com/cgi-bin/get/bugtraq0108/259.html
Solutions and Workarounds
=========================
NetBSD 1.3 and later install with lpd disabled by default. A system is
vulnerable to this security hole only if it is running /usr/sbin/lpd,
and access to lpd is allowed by entries in /etc/hosts.lpd. Updating
the binary for safety is recommended.
Quick workaround:
If you are running /usr/sbin/lpd, and you do not need it, stop it.
If you have /etc/hosts.lpd which is open to everyone, you will want to
tighten the setup so that no malicious parties can access your remote printer.
Solutions:
* NetBSD -current, 1.5, 1.5.1, 1.5.2:
Systems running NetBSD-current dated from before 2001-08-28
should be upgraded to NetBSD-current dated 2001-08-28 or later.
Systems running NetBSD 1.5, 1.5.1 or 1.5.2 dated from before
2001-09-30 should be upgraded to NetBSD-1.5 branch sources dated
2001-09-30 or later.
The following directory needs to be updated from the
netbsd-current CVS branch (aka HEAD) for NetBSD-current,
or netbsd-1-5 CVS branch for NetBSD 1.5, 1.5.1 or 1.5.2:
src/usr.sbin/lpr
To update from CVS, re-build, and re-install lpd(8):
# cd src/usr.sbin/lpr
# cvs update -d -P
# make cleandir dependall install
Alternatively, apply the following patch (with potential offset
differences) and rebuild & re-install lpd(8):
ftp://ftp.netbsd.org/pub/NetBSD/security/patches/SA2001-018-lpd.patch
To patch, re-build and re-install lpd(8):
# cd src/usr.sbin/lpr/common_sources
# patch ftp://ftp.netbsd.org/pub/NetBSD/security/patches/SA2001-018-lpd.patch
To patch, re-build and re-install lpd(8):
# cd src/usr.sbin/lpr/common_sources
# patch ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2001-018.txt.asc
Information about NetBSD and NetBSD security can be found at
http://www.NetBSD.ORG/ and http://www.NetBSD.ORG/Security/.
Copyright 2001, The NetBSD Foundation, Inc. All Rights Reserved.
$NetBSD: NetBSD-SA2001-018.txt,v 1.6 2001/11/22 15:21:45 david Exp $
Category:
- Linux
