From owner-freebsd-security  Thu Nov  8 10: 5: 3 2001
Delivered-To: freebsd-security@freebsd.org
Received: from post1.inre.asu.edu (post1.inre.asu.edu [129.219.110.72])
	by hub.freebsd.org (Postfix) with ESMTP id 56ACF37B41D
	for <freebsd-security@freebsd.org>; Thu,  8 Nov 2001 10:04:57 -0800 (PST)
Received: from conversion.post1.inre.asu.edu by asu.edu (PMDF V6.1 #40110)
 id <0GMH00A01RR6V8@asu.edu> for freebsd-security@freebsd.org; Thu,
 08 Nov 2001 10:11:30 -0700 (MST)
Received: from smtp.asu.edu (smtp.asu.edu [129.219.13.92])
 by asu.edu (PMDF V6.1 #40110) with ESMTP id <0GMH008LFRR6D8@asu.edu> for
 freebsd-security@freebsd.org; Thu, 08 Nov 2001 10:11:30 -0700 (MST)
Received: from moroni.pp.asu.edu (moroni.pp.asu.edu [129.219.120.183])
	by smtp.asu.edu (8.9.3/8.9.3) with ESMTP id KAA30031	for
 <freebsd-security@freebsd.org>; Thu, 08 Nov 2001 10:10:16 -0700 (MST)
Date: Thu, 08 Nov 2001 10:10:15 -0700 (MST)
From: David Bear <David.Bear@asu.edu>
Subject: Re: Fw: Buffer overflow in lpd?
In-reply-to: <20011108153916.A67725@straylight.oblivion.bg>
X-X-Sender: <iddwb@moroni.pp.asu.edu>
To: FreeBSD Security List <freebsd-security@freebsd.org>
Message-id: <Pine.LNX.4.33.0111081008110.26286-100000@moroni.pp.asu.edu>
MIME-version: 1.0
Content-type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

On Thu, 8 Nov 2001, Peter Pentchev wrote:

> Date: Thu, 08 Nov 2001 15:39:16 +0200
> On Thu, Nov 08, 2001 at 07:29:17AM -0600, Kevin & Anita Kinsey wrote:
> > from http://icat.nist.gov/icat.cfm?cvename=CAN-2001-0670 :
> >
> > "Buffer overflow in BSD line printer daemon (in.lpd or lpd) in various BSD-based operating systems allows remote attackers to execute arbitrary code via an incomplete print job followed by a request to display the printer queue."
> >
> > Was this fixed prior to 4.4-REL?  Date on site is "prior to 10/3/2001."  REL was Sept, correct?
>
> All the information is there at the FreeBSD Project website.
> Go to http://www.FreeBSD.org/, follow the Security link, follow
> the Security Advisories link, there is a list of advisories.
> SA-01:58 is labeled as 'FreeBSD-SA-01:58.lpd', suggesting that
> it has something to do with, well, lpd :)
>
> This advisory lists a correction date of 2001-08-30 (FreeBSD 4.3-STABLE)
> and states that "[the] base system that will ship with FreeBSD 4.4 does
> not contain this problem since it was corrected before the release".
>

As a side note, it is also curious that if 4.4-RELEASE LPRng was NOT
included in the ports directory.  /usr/ports make search key=lprng only
found ifhp -- the lprng filter.  Anyone know why lprng (the supposedly
more secure lpr) was not included in the ports dist?



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message