Debian Security Advisory
lpr -- access control problem and root exploit
- Date Reported:
- 09 Jan 2000
- Affected Packages:
- lpr
- Vulnerable:
- Yes
- Security database references:
- No other external database security references currently available.
- More information:
- The version of lpr that was distributed with Debian
GNU/Linux 2.1 and the updated version released in 2.1r4 have two security
problems:
- the client hostname wasn't verified properly, so if someone is able to
control the DNS entry for their IP they could fool lpr into granting access.
- it was possible to specify extra options to sendmail which could be used to
specify another configuration file. This can be used to gain root access.
Both problems have been fixed in 0.48-0.slink1. We recommend you upgrade
your lpr package immediately.
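The second problem is an instance of option injection: a user-supplied string reaches sendmail's command line and is parsed as an option. The following is an added example, not code from lpr or from the Debian fix, showing one way to build the argument vector so that a recipient can never be read as an option. The function names, the sendmail path and the allowed character set are assumptions made for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define SENDMAIL_PATH "/usr/sbin/sendmail"   /* assumed install path */

/* Return 1 if rcpt may be passed to sendmail as a recipient, else 0.
 * The allow-list below is an illustrative choice, not lpr's own rule. */
int recipient_is_safe(const char *rcpt)
{
    size_t i, len;

    if (rcpt == NULL)
        return 0;
    len = strlen(rcpt);
    if (len == 0 || len > 255)
        return 0;
    if (rcpt[0] == '-')              /* would be parsed as an option */
        return 0;
    for (i = 0; i < len; i++) {
        unsigned char c = (unsigned char)rcpt[i];
        if (!(isalnum(c) || c == '.' || c == '_' || c == '-' ||
              c == '+' || c == '@'))
            return 0;                /* no spaces, quotes or shell metacharacters */
    }
    return 1;
}

/* Fill argv for execv(SENDMAIL_PATH, ...). Returns argc, or -1 if the
 * recipient is rejected. "--" ends option parsing in getopt-based
 * sendmail implementations, so the recipient stays a plain operand. */
int build_sendmail_argv(const char *rcpt, const char *argv[], size_t slots)
{
    if (slots < 4 || !recipient_is_safe(rcpt))
        return -1;
    argv[0] = "sendmail";
    argv[1] = "--";
    argv[2] = rcpt;
    argv[3] = NULL;
    return 3;
}

int main(void)
{
    const char *argv[4];
    /* Constructed inputs: an ordinary user name and an option-like string. */
    printf("alice        -> %d\n", build_sendmail_argv("alice", argv, 4));
    printf("-Cexample.cf -> %d\n", build_sendmail_argv("-Cexample.cf", argv, 4));
    return 0;
}
```

Passing the vector to execv() rather than building a shell command line keeps the recipient out of shell parsing as well.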
- Fixed in:
- Source:
- http://security.debian.org/dists/stable/updates/source/lpr_0.48-0.slink1.diff.gz
- http://security.debian.org/dists/stable/updates/source/lpr_0.48-0.slink1.dsc
- http://security.debian.org/dists/stable/updates/source/lpr_0.48.orig.tar.gz
- alpha:
- http://security.debian.org/dists/stable/updates/binary-alpha/lpr_0.48-0.slink1_alpha.deb
- i386:
- http://security.debian.org/dists/stable/updates/binary-i386/lpr_0.48-0.slink1_i386.deb
- m68k:
- http://security.debian.org/dists/stable/updates/binary-m68k/lpr_0.48-0.slink1_m68k.deb
- sparc:
- http://security.debian.org/dists/stable/updates/binary-sparc/lpr_0.48-0.slink1_sparc.deb