11/6/01
A vulnerability in lpd could allow a remote
attacker to send options to Sendmail. By sending an option
which specifies another configuration file, the attacker could
gain root access to the server. Debian 2.1 and 2.1r4, Mandrake
6.0, 6.1, 7.0, and 7.1, and Red Hat 6.0 are affected by this
vulnerability.
11/6/01
Due to a flaw in the line printer daemon's hostname authentication
function, a remote attacker who would otherwise be denied
access to the print server could gain access by falsifying
the DNS record of the attacking host such that it resolves
to the same host name as the print server. This vulnerability
could be used in conjunction with other vulnerabilities to
gain root access from a host which is not listed in
/etc/hosts.equiv or /etc/hosts.lpd.
Exploitation of this vulnerability would require the attacker to
have control of his or her own DNS server.
Debian 2.1 and 2.1r4, and Red Hat 6.0 are affected by this vulnerability.
6/14/02
CVE 2002-0363
GNU ghostscript is a program for displaying PostScript files
or printing them to non-PostScript printers. ghostscript is often used
during the course of printing a document and is run as user lp.
An untrusted PostScript file can cause ghostscript to execute arbitrary
commands due to insufficient checking.
The following releases (architectures) of Red Hat Linux are vulnerable: 6.2 (alpha, i386, noarch, sparc), 7.0 (alpha, i386, noarch), 7.1 (alpha, i386, ia64), 7.2 (i386, ia64), and 7.3 (i386).
10/23/01
The BSD version of lpd included in the
lprold package which is shipped with the SuSE
Linux operating system is affected by a buffer overflow condition
which could allow a remote attacker to gain root access.
In order for the vulnerability to be exploited, the print
service would need to be configured and running, and the
attacker's address would need to be included in the
/etc/hosts.equiv or /etc/hosts.lpd file
on the server.
To resolve the ghostscript command execution vulnerability, either install source release of GNU ghostscript version 6.53 or later, or see Red Hat Security Advisory RHSA-2002:083-22 for patch information.