[Snort-users] RE: 515/tcp scans on the rise
Robert E. Leever
bel1 at ...358...
Mon Nov 20 12:00:53 EST 2000
About 4 or 5 months ago there were a couple of printer
buffer overflows reported for Solaris 2.6, 7 &
I think 8, which required a printer server on
the network of the box to be exploited. Named
lpset & netpr. They give root privilege.
I downloaded the c code and tested. It works
against 2.6 with kernel patch levels less than
105181-21, and 2.7 below 106541-12. Don't know
the patch level for 2.8 but if you have the latest
patch level you are safe from those 2 exploits.
They work by bouncing a packet off of the print
server back to the system to be exploited.
Could be a new one tho.
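
A check built from the patch levels quoted in the message above, as an added example that is not part of the original post. It assumes the release and kernel strings come from `uname -r` and `uname -v` on the host; the function name `lp_patch_status` and the sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Thresholds are the kernel patch
# levels quoted in the message; the function name and samples are constructed.

# lp_patch_status RELEASE KERNEL_ID
#   RELEASE   : `uname -r` output (5.6 = Solaris 2.6, 5.7 = Solaris 7)
#   KERNEL_ID : `uname -v` output, e.g. Generic_105181-17
# Prints one of: at-or-above | below | unknown
lp_patch_status() {
    release=$1
    kernel_id=$2

    case $release in
        5.6) want_base=105181; want_rev=21 ;;
        5.7) want_base=106541; want_rev=12 ;;
        *)   echo unknown; return 0 ;;    # the post gives no level for 2.8
    esac

    # Only the Generic_<patch>-<rev> form can be compared.
    case $kernel_id in
        Generic_*-*) patch=${kernel_id#Generic_} ;;
        *) echo unknown; return 0 ;;
    esac
    base=${patch%%-*}
    rev=${patch#*-}

    # Both fields must be non-empty and purely numeric.
    case $base in ''|*[!0-9]*) echo unknown; return 0 ;; esac
    case $rev  in ''|*[!0-9]*) echo unknown; return 0 ;; esac

    # A different patch ID (another architecture, for instance) is not
    # covered by the numbers in the post, so do not guess.
    [ "$base" = "$want_base" ] || { echo unknown; return 0; }

    if [ "$rev" -ge "$want_rev" ]; then
        echo at-or-above
    else
        echo below
    fi
}

# Constructed sample inventory: "release kernel_id" per entry.
for host in "5.6 Generic_105181-17" "5.7 Generic_106541-12" "5.8 Generic"; do
    set -- $host
    printf '%s %s -> %s\n' "$1" "$2" "$(lp_patch_status "$1" "$2")"
done
```

Hosts reported as `below` or `unknown` are the ones to review by hand against the vendor patch list.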