Date: Thu, 8 Nov 2001 15:39:16 +0200
From: Peter Pentchev <roam@ringlet.net>
To: Kevin & Anita Kinsey <k_a_kinsey@netzero.net>
Cc: freebsd-security@freebsd.org
Subject: Re: Fw: Buffer overflow in lpd?
Message-ID: <20011108153916.A67725@straylight.oblivion.bg>
In-Reply-To: <034101c16859$67c004e0$1e69493f@Kinsey>; from k_a_kinsey@netzero.net on Thu, Nov 08, 2001 at 07:29:17AM -0600
References: <034101c16859$67c004e0$1e69493f@Kinsey>

On Thu, Nov 08, 2001 at 07:29:17AM -0600, Kevin & Anita Kinsey wrote:
> from http://icat.nist.gov/icat.cfm?cvename=CAN-2001-0670 :
>
> "Buffer overflow in BSD line printer daemon (in.lpd or lpd) in various BSD-based operating systems allows remote attackers to execute arbitrary code via an incomplete print job followed by a request to display the printer queue."
>
> Was this fixed prior to 4.4-REL? Date on site is "prior to 10/3/2001." REL was Sept, correct?

All the information is there at the FreeBSD Project website. Go to http://www.FreeBSD.org/, follow the Security link, follow the Security Advisories link, there is a list of advisories. SA-01:58 is labeled as 'FreeBSD-SA-01:58.lpd', suggesting that it has something to do with, well, lpd :)

This advisory lists a correction date of 2001-08-30 (FreeBSD 4.3-STABLE) and states that "[the] base system that will ship with FreeBSD 4.4 does not contain this problem since it was corrected before the release".

G'luck,
Peter

--
If there were no counterfactuals, this sentence would not have been paradoxical.

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message