[Snort-users] RE: 515/tcp scans on the rise

Robert E. Leever bel1 at ...358...
Mon Nov 20 12:00:53 EST 2000


Hi all,

About 4 or 5 months ago there were a couple of printer
buffer overflows reported for Solaris 2.6, 7 &
I think 8, which required a printer server on
the network of the box to be exploited.  Named
lpset & netpr.  They give root privilege.

I downloaded the C code and tested.  It works
against 2.6 with kernel patch levels less than
105181-21, and 2.7 below 106541-12.  Don't know
the patch level for 2.8 but if you have the latest
patch level you are safe from those 2 exploits.

They work by bouncing a packet off of the print 
server back to the system to be exploited.

Could be a new one tho.


b;)
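
An added example, not part of the original post: a shell check that compares a host's kernel patch level with the two thresholds the post reports (105181-21 for 2.6, 106541-12 for "2.7"). It assumes `uname -v` prints the kernel patch as `Generic_<patchid>-<rev>` and that a bare `Generic` means no kernel patch; the function name is hypothetical.

```shell
#!/bin/sh
# Thresholds are the ones reported in the post above:
#   SunOS 5.6 (Solaris 2.6): kernel patch 105181, revision 21
#   SunOS 5.7 ("2.7" in the post): kernel patch 106541, revision 12
# The post gives no threshold for Solaris 8, so 5.8 reports "unknown".

# kernel_patch_status RELEASE VERSION
#   RELEASE  output of `uname -r`, e.g. 5.6
#   VERSION  output of `uname -v`; assumed form Generic_<patchid>-<rev>
# Prints: below | at-or-above | unknown
kernel_patch_status() {
    release=$1
    version=$2
    case "$release" in
        5.6) want_id=105181; want_rev=21 ;;
        5.7) want_id=106541; want_rev=12 ;;
        *)   echo unknown; return 0 ;;
    esac
    # Assumption: a bare "Generic" means no kernel patch is installed.
    if [ "$version" = "Generic" ]; then
        echo below; return 0
    fi
    case "$version" in
        Generic_*-*) patch=${version#Generic_} ;;
        *)           echo unknown; return 0 ;;
    esac
    id=${patch%%-*}
    rev=${patch#*-}
    # Reject anything that is not purely numeric.
    for n in "$id" "$rev"; do
        case "$n" in ''|*[!0-9]*) echo unknown; return 0 ;; esac
    done
    # A different patch ID (for example another platform's kernel patch)
    # cannot be compared against these thresholds.
    if [ "$id" != "$want_id" ]; then
        echo unknown; return 0
    fi
    if [ "$rev" -lt "$want_rev" ]; then
        echo below
    else
        echo at-or-above
    fi
}

# On the host itself: kernel_patch_status "$(uname -r)" "$(uname -v)"
```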


