LPRng Vulnerability

CVE 2000-0917

Impact

If this vulnerability is present, a remote attacker could execute arbitrary code on the server. Also, Internet worms have been known to exploit this vulnerability to further their propogation.

Background

The print process is controlled by a process called lpd. The lpd process is a UNIX daemon that accepts print requests from local and remote users. LPRng is a popular version of lpd which provides enhancements and comes enabled by default with several open-source operating systems.

The Problem

Missing format strings in calls to the syslog function in LPRng could allow a remote attacker to cause a segmentation fault and crash the print service. Furthermore, arbitrary code injected into the print service's memory space by other means could be executed.

Versions of LPRng prior to 3.6.25 are affected by this vulnerability.

Resolution

If print service is not needed, disable lpd. Otherwise, the vulnerability can be fixed by upgrading to the latest version of LPRng.

Where can I read more about this?

More information on this vulnerability is available from CERT Advisory 2000-22.