
lprng



  Nessus claims all versions of lprng prior to 3.6.24 have some unnamed
flaw which allows exploiting the daemon's privileges.
  As a debian lprng runs as daemon, it is not as dangerous as nessus
claims (root compromise), at least directly. However, I cannot find
any references to any vulnerabilities in lprng, except one in January
2000 in security.debian.org! Since potato has lprng 3.6.12 it would be
nice to know if there is a vulnerability or not. Anyone any ideas?
  I know nessus gives a lot of false positives, such as claiming
my mail server is an open relay when testing it from the (firewalled)
subnet which it really _IS_ a relay for. Nessus has no way of knowing
outside world cannot use it as a relay; or claiming an up-to-date
potato sshd as vulnerable to the CRC32 attack compensator bug since its
version number suggests it is vulnerable.
  Most false positives are easily dismissed by knowing your setup which
nessus does not. There are a couple of concerning cases, though: This
case of lprng: nessus only says it detects an lprng daemon, but NOT
that it cannot tell the version number and just states what I describe
in the beginning. Another is Trin00. It has thus far detected three
machines with Trin00. In one of them it most certainly is false since
it claims to have found Windows version of Trin00 on an IRIX host...
The other two cases, on the other hand give no hint of being falses.
Does anyone know how reliable nessus is in detecting Trin00? Does it
only check that port X is open, thus we have Trin00 there or does it
really send some commands to the supposed Trin00 client/daemon and
verify its existence from the reply? If nessus is not reliable, how
can I check for it?

-- 
		 -----------------------------------------------
		| Juha Jäykkä, juolja@utu.fi			|
		| home: http://www.utu.fi/~juolja/		|
		 -----------------------------------------------


