Multiple Vendor LPRng User-Supplied Format String Vulnerability
BID:1712
Info
Multiple Vendor LPRng User-Supplied Format String Vulnerability
| Bugtraq ID: | 1712 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | Yes |
| Published: | Sep 25 2000 12:00AM |
| Updated: | Sep 25 2000 12:00AM |
| Credit: | This vulnerability was reported to bugtraq by Chris Evans <[email protected]> on 25 Sep, 2000. |
| Vulnerable: |
Trustix Trustix Secure Linux 1.1 Trustix Trustix Secure Linux 1.0 SCO eServer 2.3 SCO eDesktop 2.4 Redhat Linux 7.0 Caldera OpenLinux eBuilder 3.0 Caldera OpenLinux Desktop 2.3 |
| Not Vulnerable: | |
Exploit / POC
Multiple Vendor LPRng User-Supplied Format String Vulnerability
CORE has developed a working commercial exploit for their IMPACT product. This exploit is not otherwise publicly available or known to be circulating in the wild.
Exploits available:
CORE has developed a working commercial exploit for their IMPACT product. This exploit is not otherwise publicly available or known to be circulating in the wild.
Exploits available:
Solution / Fix
Multiple Vendor LPRng User-Supplied Format String Vulnerability
Solution:
OpenLinux Desktop 2.3
Location of Fixed Packages:
ftp://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current/RPMS/
3ad5e8e8ab42d2ed1cce0627ca2a0f45 RPMS/LPRng-3.5.3-3.i386.rpm
61f4d3aef6757c68ba73cc1cc8bbcf27 RPMS/LPRng-doc-3.5.3-3.i386.rpm
ebd7e8ec09ef4d92397f608b1125ff82 RPMS/LPRng-doc-ps-3.5.3-3.i386.rpm
c53c9a83c0791030297b6079d7b9fcd9 RPMS/LPRng-lpd-3.5.3-3.i386.rpm
d266aed344873c9ff6aab2a409d760b4 SRPMS/LPRng-3.5.3-3.src.rpm
OpenLinux eServer 2.3 and OpenLinux eBuilder for ECential 3.0
Location of Fixed Packages:
ftp://ftp.calderasystems.com/pub/updates/eServer/2.3/current/RPMS/
9cb7089adcadcf29ee2cb8268acc46c1 RPMS/LPRng-3.5.3-3.i386.rpm
77e9edbf336837a9957c3fc62167aee4 RPMS/LPRng-doc-3.5.3-3.i386.rpm
558a98c48558538bc15f86ca9a555e68 RPMS/LPRng-doc-ps-3.5.3-3.i386.rpm
62c39c60197447be1b4de85f81bcd5a0 RPMS/LPRng-lpd-3.5.3-3.i386.rpm
d266aed344873c9ff6aab2a409d760b4 SRPMS/LPRng-3.5.3-3.src.rpm
OpenLinux eDesktop 2.4
Location of Fixed Packages:
ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/RPMS/
7ec1973e306bbcaa3e27b770b463e6fe RPMS/LPRng-3.5.3-3.i386.rpm
f373e0a2389c64e207b84293d2afc177 RPMS/LPRng-doc-3.5.3-3.i386.rpm
4560b0415dc7dbf7bde284173a49c6f6 RPMS/LPRng-doc-ps-3.5.3-3.i386.rpm
994f2204ba1e743725fe69cecb47dac5 RPMS/LPRng-lpd-3.5.3-3.i386.rpm
d266aed344873c9ff6aab2a409d760b4 SRPMS/LPRng-3.5.3-3.src.rpm
Users of Trustix Linux 1.1 should download a new version of LPRng available at:
http://www.trustix.net/download/Trustix/updates/1.1/RPMS/
or:
ftp://ftp.trustix.com/pub/Trustix/updates/1.1/RPMS/
Filename:
* LPRng-3.6.24-1tr.i586.rpm
Trustix Trustix Secure Linux 1.0
Trustix Trustix Secure Linux 1.1
SCO eServer 2.3
Caldera OpenLinux eBuilder 3.0
Redhat Linux 7.0
Solution:
OpenLinux Desktop 2.3
Location of Fixed Packages:
ftp://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current/RPMS/
3ad5e8e8ab42d2ed1cce0627ca2a0f45 RPMS/LPRng-3.5.3-3.i386.rpm
61f4d3aef6757c68ba73cc1cc8bbcf27 RPMS/LPRng-doc-3.5.3-3.i386.rpm
ebd7e8ec09ef4d92397f608b1125ff82 RPMS/LPRng-doc-ps-3.5.3-3.i386.rpm
c53c9a83c0791030297b6079d7b9fcd9 RPMS/LPRng-lpd-3.5.3-3.i386.rpm
d266aed344873c9ff6aab2a409d760b4 SRPMS/LPRng-3.5.3-3.src.rpm
OpenLinux eServer 2.3 and OpenLinux eBuilder for ECential 3.0
Location of Fixed Packages:
ftp://ftp.calderasystems.com/pub/updates/eServer/2.3/current/RPMS/
9cb7089adcadcf29ee2cb8268acc46c1 RPMS/LPRng-3.5.3-3.i386.rpm
77e9edbf336837a9957c3fc62167aee4 RPMS/LPRng-doc-3.5.3-3.i386.rpm
558a98c48558538bc15f86ca9a555e68 RPMS/LPRng-doc-ps-3.5.3-3.i386.rpm
62c39c60197447be1b4de85f81bcd5a0 RPMS/LPRng-lpd-3.5.3-3.i386.rpm
d266aed344873c9ff6aab2a409d760b4 SRPMS/LPRng-3.5.3-3.src.rpm
OpenLinux eDesktop 2.4
Location of Fixed Packages:
ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/RPMS/
7ec1973e306bbcaa3e27b770b463e6fe RPMS/LPRng-3.5.3-3.i386.rpm
f373e0a2389c64e207b84293d2afc177 RPMS/LPRng-doc-3.5.3-3.i386.rpm
4560b0415dc7dbf7bde284173a49c6f6 RPMS/LPRng-doc-ps-3.5.3-3.i386.rpm
994f2204ba1e743725fe69cecb47dac5 RPMS/LPRng-lpd-3.5.3-3.i386.rpm
d266aed344873c9ff6aab2a409d760b4 SRPMS/LPRng-3.5.3-3.src.rpm
Users of Trustix Linux 1.1 should download a new version of LPRng available at:
http://www.trustix.net/download/Trustix/updates/1.1/RPMS/
or:
ftp://ftp.trustix.com/pub/Trustix/updates/1.1/RPMS/
Filename:
* LPRng-3.6.24-1tr.i586.rpm
Trustix Trustix Secure Linux 1.0
-
Trustix 1.0/1.1 LPRng-3.6.24-1tr.i586.rpm
ftp://ftp.trustix.com/pub/Trustix/updates/1.1/RPMS/LPRng-3.6.24-1tr.i5 86.rpm
Trustix Trustix Secure Linux 1.1
-
Trustix 1.0/1.1 LPRng-3.6.24-1tr.i586.rpm
ftp://ftp.trustix.com/pub/Trustix/updates/1.1/RPMS/LPRng-3.6.24-1tr.i5 86.rpm
SCO eServer 2.3
-
Caldera eDesktop 2.4 current LPRng-3.5.3-3.i386.rpm
ftp://ftp.calderasystems.com/pub/updates/eServer/2.3/current/RPMS/LPRn g-3.5.3-3.i386.rpm -
Caldera eServer 2.3/ eBuilder 3.0 current LPRng-3.5.3-3.i386.rpm
ftp://ftp.calderasystems.com/pub/updates/eServer/2.3/current/RPMS/LPRn g-3.5.3-3.i386.rpm
Caldera OpenLinux eBuilder 3.0
-
Caldera eDesktop 2.4 current LPRng-3.5.3-3.i386.rpm
ftp://ftp.calderasystems.com/pub/updates/eServer/2.3/current/RPMS/LPRn g-3.5.3-3.i386.rpm -
Caldera eServer 2.3/ eBuilder 3.0 current LPRng-3.5.3-3.i386.rpm
ftp://ftp.calderasystems.com/pub/updates/eServer/2.3/current/RPMS/LPRn g-3.5.3-3.i386.rpm
Redhat Linux 7.0
-
RedHat 7.0 i386 LPRng-3.6.24-2.i386.rpm
ftp://updates.redhat.com/7.0/i386/LPRng-3.6.24-2.i386.rpm