LPRng Vulnerability
CVE 2000-0917
Impact
If this vulnerability is present, a remote attacker could
execute arbitrary code on the server. Also, Internet worms
have been known to exploit this vulnerability to further
their propogation.
Background
The print process is controlled by a process called lpd.
The lpd process is a UNIX daemon that accepts print
requests from local and remote users. LPRng
is a popular version of lpd which provides
enhancements and comes enabled by default with several
open-source operating systems.
The Problem
Missing format strings in calls to the syslog
function in LPRng could allow a remote attacker to cause
a segmentation fault and crash the print service.
Furthermore,
arbitrary code injected into the print service's memory
space by other means could be executed.
Versions of LPRng prior to 3.6.25 are affected by this
vulnerability.
Resolution
If print service is not needed, disable lpd.
Otherwise, the vulnerability can be fixed by
upgrading to the latest
version of LPRng.
Where can I read more about this?
More information on this vulnerability is available from
CERT
Advisory 2000-22.