S.u.S.E. Support Data Base

Title: The printer daemon in packet lprold has a security hole

---

Mainpage ---- Searchform ---- History ---- Versions ---- Categories ---- Contents ---- Deutsch ---

The printer daemon in packet lprold has a security hole

Applicable to
S.u.S.E. version: 4.2, 4.3, 4.4 (1st edition)

Symptom:

The printer spooler (lpr) in package lprold has got a security hole that allows normal users to reach root privileges.

Cause:

An internal buffer is too short and overruns.

Solution:

Take the new package from ftp://ftp.suse.de/pub/suse43/lprold.tgz or switch to the alternative printer spooler plp. This can be done as follows:
        /sbin/init.d/lpd stop
        Uninstall the package lprold and install the package plp with YaST
        /sbin/init.d/lpd start

---

Keywords: SECURITY, PRINTER, LPR, LPD, LPROLD

---

Feedback welcome: Send Mail to fehr@suse.de (Please give the following subject: SDB-fehr_lpr_2)

---

Mainpage ---- Searchform ---- History ---- Versions ---- Categories ---- Contents ---- Deutsch ---

SDB-fehr_lpr_2, Copyright S.u.S.E. GmbH, Fürth, Germany
Impressum - Last generated: 17. Sep 1997 12:56:23 by mb with sdb_gen 0.70.0