Security Advisory LPRng contains a critical string format bug

Advisory: RHSA-2000:065-06
Type: Security Advisory
Severity: N/A
Issued on: 2000-09-26
Last updated on: 2001-02-25
Affected Products:
OVAL: N/A
CVEs (cve.mitre.org): CVE-2000-0917

Details

LPRng has a string format bug in the use_syslog function which could lead
to root compromise.

LPRng has a string format bug in the use_syslog function. This function
returns user input in a string that is passed to the syslog() function as
the format string. It is possible to corrupt the print daemon's execution
with unexpected format specifiers, thus gaining root access to the
computer. The vulnerability is theoretically exploitable both locally and
remotely.


Solution

For each RPM for your particular architecture, run:

rpm -Fvh [filename]

where filename is the name of the RPM.

Updated packages


Bugs fixed (see bugzilla for more information)

17756 - Critical security hole in LPRng, remote root


References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0917
Originally reported to bugtraq by Chris Evans <chris@scary.beasts.org> on
25 Sep, 2000.

Keywords

syslog

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/