Date: Tue, 4 Dec 2001 00:26:55 -0500 (EST)
From: Jose Nazario <[email protected]>
To: [email protected]Subject: security issue with lpd (fwd)
of interest to folks here.
____________________________
jose nazario [email protected]
PGP: 89 B0 81 DA 5B FD 7E 00 99 C3 B2 CD 48 A0 07 80
PGP key ID 0xFD37F4E5 (pgp.mit.edu)
---------- Forwarded message ----------
Date: Mon, 03 Dec 2001 20:52:40 -0700
From: Todd C. Miller <[email protected]>
To: [email protected]Subject: security issue with lpd
A security issue exists with lpd (the line printer daemon) that may
allow an attacker to create arbitrary new files in the root directory.
Only machines with line printer access (ie: listed in either
/etc/hosts.lpd or /etc/hosts.equiv) may be used to mount an attack
and the attacker must have root access on the machine.
OpenBSD does not start lpd in the default installation.
This problem is fixed in OpenBSD-current, the 3.0 patch branch (aka
3.0-stable) and the 2.9 branch (aka 2.9-stable).
A patch exists to fix the problem:
For OpenBSD-2.9 (as well as OpenBSD-2.8):
ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/017_lpd.patch
For OpenBSD-3.0
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/008_lpd.patch
Credit for finding this bug (and the corresponding patch) goes
to Sebastian Krahmer of SuSE.
- todd
