[Snort-users] RE: 515/tcp scans on the rise

stevenma at ...27... stevenma at ...27...
Mon Nov 20 14:45:54 EST 2000


Here's my guess:

http://www.redhat.com/support/errata/RHSA-2000-065-06.html

I believe there were some other fairly recent lpr bugs in Linux also.

Matt

On Mon, Nov 20, 2000 at 09:00:53AM -0800, Robert E. Leever wrote:
> hi all
> 
> about 4 or 5 months ago there was a couple of printer 
> buffer overflow reported for Solaris 2.6, 7 & 
> I think 8, which required a printer server on
> the network of the box to be exploited.  Named
> lpset & netpr.  They give root priveledge.
> 
> I downloaded the c code and tested.  It works
> against 2.6 with kernel patch levels less than
> 105181-21, and 2.7 below 106541-12.  Don't know
> the patch level for 2.8 but if you have the latest
> patch level you are safe from those 2 exploits.
> 
> They work by bouncing a packet off of the print 
> server back to the system to be exploited.
> 
> Could be a new one tho.
> 
> 
> b;)




More information about the Snort-users mailing list