From owner-freebsd-security  Thu Nov  8  5:28: 9 2001
Delivered-To: freebsd-security@freebsd.org
Received: from mail7.wlv.netzero.net (mail7.wlv.netzero.net [209.247.163.57])
	by hub.freebsd.org (Postfix) with SMTP id 9569C37B417
	for <freebsd-security@freebsd.org>; Thu,  8 Nov 2001 05:28:06 -0800 (PST)
Received: (qmail 18607 invoked from network); 8 Nov 2001 13:28:00 -0000
Received: from ppp-65-88-144-116.mclass.broadwing.net (HELO KevinD) (65.88.144.116)
  by mail7.wlv.netzero.net with SMTP; 8 Nov 2001 13:28:00 -0000
Message-ID: <034101c16859$67c004e0$1e69493f@Kinsey>
From: "Kevin & Anita Kinsey" <k_a_kinsey@netzero.net>
To: <freebsd-security@freebsd.org>
Subject: Fw: Buffer overflow in lpd?
Date: Thu, 8 Nov 2001 07:29:17 -0600
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_033E_01C16827.133A84E0"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.00.2615.200
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2615.200
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

This is a multi-part message in MIME format.

------=_NextPart_000_033E_01C16827.133A84E0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

from http://icat.nist.gov/icat.cfm?cvename=3DCAN-2001-0670 :
=20
"Buffer overflow in BSD line printer daemon (in.lpd or lpd) in various =
BSD-based operating systems allows remote attackers to execute arbitrary =
code via an incomplete print job followed by a request to display the =
printer queue."

Was this fixed prior to 4.4-REL?  Date on site is "prior to 10/3/2001."  =
REL was Sept, correct?

------=_NextPart_000_033E_01C16827.133A84E0
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META content=3D"text/html; charset=3Diso-8859-1" =
http-equiv=3DContent-Type>
<META content=3D"MSHTML 5.00.2614.3500" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV><FONT face=3DArial size=3D2>from <A=20
href=3D"http://icat.nist.gov/icat.cfm?cvename=3DCAN-2001-0670">http://ica=
t.nist.gov/icat.cfm?cvename=3DCAN-2001-0670</A></FONT><FONT=20
face=3DArial size=3D2>&nbsp;:</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>"Buffer overflow in BSD line printer =
daemon (in.lpd=20
or lpd) in various BSD-based operating systems allows remote attackers =
to=20
execute arbitrary code via an incomplete print job followed by a request =
to=20
display the printer queue."</FONT></DIV>
<DIV>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>Was this fixed prior to 4.4-REL?&nbsp; =
Date on site=20
is "prior to 10/3/2001."&nbsp; REL was Sept, =
correct?</FONT></DIV></BODY></HTML>

------=_NextPart_000_033E_01C16827.133A84E0--

----------------------------------------------------
Sign Up for NetZero Platinum Today
Only $9.95 per month!
http://my.netzero.net/s/signup?r=platinum&refcd=PT97

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message