LPRNG vulnerability [was Re: weird messages in syslog]
"SaDIKuZboy" <sadikuzboy@libero.it> wrote:
|> it could be something as a backdoor or an arbitrary service ... try
|> to : cron -l it shows u a table with binary called to be run,
|> report it and let's see what's there :o)
Thanks for your help. Maybe you meant crontab -l?
But I'm pretty certain in any case that the garbage in my syslog
file does not reflect the activity of any cron-job. There's nothing
remotely resembling it anywhere else in the logs. I've been through
/etc/cron.daily weekly and monthly, and there is nothing in those
scripts, as far as I can tell, that would produce the kind of output I
have.
"Kelley, Tim (CBS-New Orleans)" <Tim.kelley@cox.com> wrote:
|> looks like a buffer overflow attempt to me ... look at your
|> security
I'm sure it is. There is a buffer-overflow advisory against
lprng. Local and remote users can send string-formatting operators to
the printer daemon to corrupt the daemon's execution, potentially
gaining root access. The messages in my syslog are close to identical
to those reported at:
http://ciac.llnl.gov/ciac/bulletins/l-025.shtml
But the warnings I have seen all refer to versions prior to 3.6.26,
and they all report the problem as fixed in versions since then. I
have the version from debian testing which is 3.8.0 (it's the same in
unstable).
I've not had to deal with such an exploit before, so I would really
appreciate any advice that's going. I've stopped the lprng daemon for
now, until I can tighten things up.
Thank you in advance,
Jim
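
A log-triage sketch for the situation described in this message, added here as an example and not part of the original thread: it flags print-daemon syslog lines that carry printf-style directives or a high share of non-printable bytes. The syslog layout, the `lpd`/`lprng` tags, the thresholds and the sample lines are assumptions constructed for illustration.

```python
import re

# Assumption: classic BSD syslog layout "Mon DD HH:MM:SS host tag[pid]: message".
SYSLOG = re.compile(
    r"^(\w{3}\s+\d+\s[\d:]{8})\s(\S+)\s([^\s:\[]+)(?:\[\d+\])?:\s(.*)$")
# printf-style directives that do not belong in a print-queue log message:
# %n / %hn writes and padded or positional conversions such as %.200u or %12$x.
DIRECTIVE = re.compile(
    r"%(?:\d+\$)?[-+ #0]*\d*(?:\.\d+)?(?:hh|h|ll|l)?[nxXup]")
# Assumption: tags the print daemon logs under; adjust to your own syslog.
PRINT_TAGS = {"lpd", "lprng"}


def score_line(line):
    """Return (tag, reasons) for a suspicious print-daemon line, else None."""
    m = SYSLOG.match(line)
    if not m or m.group(3).lower() not in PRINT_TAGS:
        return None
    msg = m.group(4)
    reasons = []
    hits = DIRECTIVE.findall(msg)
    if "%n" in msg or "%hn" in msg or len(hits) >= 3:
        reasons.append("format directives x%d" % len(hits))
    # Bytes outside printable ASCII are what shows up as "garbage" in the log.
    odd = sum(1 for ch in msg if not 32 <= ord(ch) < 127)
    if msg and odd / len(msg) > 0.2:
        reasons.append("%d%% non-printable" % (100 * odd // len(msg)))
    return (m.group(3), reasons) if reasons else None


def scan(lines):
    """Return [(line_number, tag, reasons)] for every flagged line."""
    found = []
    for number, line in enumerate(lines, start=1):
        hit = score_line(line.rstrip("\n"))
        if hit:
            found.append((number, hit[0], hit[1]))
    return found


# Constructed sample lines, not real LPRng output.
SAMPLE = [
    "Nov  3 02:11:09 box lpd[412]: bad request 'BB" + "\x90" * 12
    + "%.156u%n%.21u%n'",
    "Nov  3 02:15:00 box lpd[412]: printer lp: job cfA001box done",
    "Nov  3 02:16:40 box CRON[500]: (root) CMD (run-parts /etc/cron.daily)",
]

if __name__ == "__main__":
    for number, tag, reasons in scan(SAMPLE):
        print(number, tag, "; ".join(reasons))
```

When reading a real syslog file, open it with `encoding="latin-1"` so raw bytes survive decoding and are counted by the non-printable check.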