Diffstat (limited to 'share/security/advisories/FreeBSD-SA-96:18.lpr.asc')
-rw-r--r-- | share/security/advisories/FreeBSD-SA-96:18.lpr.asc | 89 |
1 files changed, 0 insertions, 89 deletions
diff --git a/share/security/advisories/FreeBSD-SA-96:18.lpr.asc b/share/security/advisories/FreeBSD-SA-96:18.lpr.asc deleted file mode 100644 index 0b864cbd3d..0000000000 --- a/share/security/advisories/FreeBSD-SA-96:18.lpr.asc +++ /dev/null 
@@ -1,89 +0,0 @@ ------BEGIN PGP SIGNED MESSAGE----- - -============================================================================= -FreeBSD-SA-96:18 Security Advisory - FreeBSD, Inc. - -Topic: Buffer overflow in lpr (revised) - -Category: core -Module: lpr -Announced: 1996-11-25 -Affects: FreeBSD 2.0, 2.0.5, 2.1, 2.1.5 -Corrected: FreeBSD-current as of 1996/10/27 - FreeBSD-stable as of 1996/11/01 - FreeBSD 2.2 and 2.1.6 releases -FreeBSD only: no - -Patches: ftp://freebsd.org/pub/CERT/patches/SA-96:18/ - -============================================================================= - -I. Background - - The lpr program is used to print files. It is standard software - in the FreeBSD operating system. - - This advisory is based on AUSCERT's advisory AA-96.12. The FreeBSD - security-officers would like to thank AUSCERT for their efforts. - - This is a revised advisory, issued to state clearly exactly which - versions of FreeBSD are vulnerable. - -II. Problem Description - - Due to its nature, the lpr program is setuid root. Unfortunately, - the program does not do sufficient bounds checking on arguments which - are supplied by users. As a result it is possible to overwrite the - internal stack space of the program while it's executing. This can - allow an intruder to execute arbitrary code by crafting a carefully - designed argument to lpr. As lpr runs as root this allows intruders - to run arbitrary commands as root. - - -III. Impact - Local users can gain root privileges. - - -IV. Workaround - - AUSCERT has developed a wrapper to help prevent lpr being exploited - using this vulnerability. This wrapper, including installation - instructions, can be found in - ftp://ftp.auscert.org.au/pub/auscert/advisory/ - AA-96.12.lpr.buffer.overrun.vul - -V. Solution - - Apply one of the following patches. 
Patches are provided for - FreeBSD-current (before 1996/10/27) (SA-96:18-solution.current) - FreeBSD-2.0.5, FreeBSD-2.1.0, FreeBSD-2.1.5 and - FreeBSd-stable (before 1996/11/01) (SA-96:18-solution.2xx) - - Patches can be found on ftp://freebsd.org/pub/CERT/patches/SA-96:18 - -============================================================================= -FreeBSD, Inc. - -Web Site: http://www.freebsd.org/ -Confidential contacts: security-officer@freebsd.org -PGP Key: ftp://freebsd.org/pub/CERT/public_key.asc -Security notifications: security-notifications@freebsd.org -Security public discussion: security@freebsd.org - -Notice: Any patches in this document may not apply cleanly due to - modifications caused by digital signature or mailer software. - Please reference the URL listed at the top of this document - for original copies of all patches if necessary. -============================================================================= - - ------BEGIN PGP SIGNATURE----- -Version: 2.6.2 - -iQCVAwUBMptSe1UuHi5z0oilAQEWJwP5AZbCK/p+LJLDTOp68CARC18JB8+VF4DI -2qeGrMRxtWRJXD+MWV2llWbQBvX0iE53zzb7su0KYuq38zmVyoN6GM5KaRgRbHJC -tjEYrQ5AQK0an3C8ACOEy5Tt4PU10BPZlssWHWotTOpPeVIzjj7RZqSJLywSwoIh -wGzvSrEpYSk= -=r1Lc ------END PGP SIGNATURE----- |
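Review bot: Nothing in this change says where the signed advisory lives after the delete. The diffstat shows 0 insertions against 89 deletions for share/security/advisories/FreeBSD-SA-96:18.lpr.asc, so the clearsigned text, including the Patches: URL and the AUSCERT workaround reference, disappears from this path with no pointer left behind. If the file is being relocated or is served from another tree, state the new location in the commit message, and make sure the relocated copy is byte-identical to these removed lines so the message between BEGIN PGP SIGNED MESSAGE and END PGP SIGNATURE still verifies.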