CVE-2002-0378
CVSS7.5
发布时间 :2002-07-03 00:00:00
修订时间 :2008-09-10 15:11:52
NMCOS    

[原文]The default configuration of LPRng print spooler in Red Hat Linux 7.0 through 7.3, Mandrake 8.1 and 8.2, and other operating systems, accepts print jobs from arbitrary remote hosts.


[CNNVD]LPRNG远程可提交任意打印作业漏洞(CNNVD-200207-045)

        
        LPRng是一款增强的、扩展的、移植的Berkeley LPR打印作业系统实现。
        LPRng对打印提交的来源没有进行正确的判别,可导致任意远程攻击者提交打印作业请求。
        默认配置情况下,LPRng接收来自任意主机的作业提交,恶意攻击者可以提交多个打印请求到已经存在的打印队列中。
        修正过的版本改变作业提交策略(修改/etc/lpd.perms),默认拒绝来自远程主机的作业。Red Hat Linux 7.1系统上,默认安装包含的ipchains规则阻塞所有远程访问打印机端口访问,所以也拒绝所有远程作业提交,但是Red Hat Linux 7需要升级程序。
        

- CVSS (基础分值)

CVSS分值: 7.5 [严重(HIGH)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

cpe:/o:astart_technologies:lprng:3.7.4
cpe:/o:astart_technologies:lprng:3.8.9

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0378
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-0378
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200207-045
(官方数据源) CNNVD

- 其它链接及资源

http://www.redhat.com/support/errata/RHSA-2002-089.html
(VENDOR_ADVISORY)  REDHAT  RHSA-2002:089
http://www.securityfocus.com/bid/4980
(UNKNOWN)  BID  4980
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-042.php
(UNKNOWN)  MANDRAKE  MDKSA-2002:042
http://www.iss.net/security_center/static/9322.php
(UNKNOWN)  XF  lprng-remote-jobs-dos(9322)
http://online.securityfocus.com/advisories/4205
(UNKNOWN)  HP  HPSBTL0206-048

- 漏洞信息

LPRNG远程可提交任意打印作业漏洞
高危 配置错误
2002-07-03 00:00:00 2006-09-20 00:00:00
远程  
        
        LPRng是一款增强的、扩展的、移植的Berkeley LPR打印作业系统实现。
        LPRng对打印提交的来源没有进行正确的判别,可导致任意远程攻击者提交打印作业请求。
        默认配置情况下,LPRng接收来自任意主机的作业提交,恶意攻击者可以提交多个打印请求到已经存在的打印队列中。
        修正过的版本改变作业提交策略(修改/etc/lpd.perms),默认拒绝来自远程主机的作业。Red Hat Linux 7.1系统上,默认安装包含的ipchains规则阻塞所有远程访问打印机端口访问,所以也拒绝所有远程作业提交,但是Red Hat Linux 7需要升级程序。
        

- 公告与补丁

        临时解决方法:
        如果您不能立刻安装补丁或者升级,CNNVD建议您采取以下措施以降低威胁:
        * 修改/etc/lpd.perms,改变作业提交策略,默认拒绝来自远程主机的作业。
        厂商补丁:
        HP
        --
        HP已经为此发布了一个安全公告(HPSBTL0206-048)以及相应补丁:
        HPSBTL0206-048:Misconfiguration in LPRng print spooler
        HP建立使用Red Hat Advisory RHSA-2002:089所提供的相关补丁。
        RedHat
        ------
        RedHat已经为此发布了一个安全公告(RHSA-2002:089-07)以及相应补丁:
        RHSA-2002:089-07:Relaxed LPRng job submission policy
        链接:https://www.redhat.com/support/errata/RHSA-2002-089.html
        补丁下载:
        Red Hat Linux 7.0:
        SRPMS:
        ftp://updates.redhat.com/7.0/en/os/SRPMS/LPRng-3.7.4-23.1.src.rpm
        alpha:
        ftp://updates.redhat.com/7.0/en/os/alpha/LPRng-3.7.4-23.1.alpha.rpm
        i386:
        ftp://updates.redhat.com/7.0/en/os/i386/LPRng-3.7.4-23.1.i386.rpm
        Red Hat Linux 7.1:
        SRPMS:
        ftp://updates.redhat.com/7.1/en/os/SRPMS/LPRng-3.7.4-23.1.src.rpm
        alpha:
        ftp://updates.redhat.com/7.1/en/os/alpha/LPRng-3.7.4-23.1.alpha.rpm
        i386:
        ftp://updates.redhat.com/7.1/en/os/i386/LPRng-3.7.4-23.1.i386.rpm
        ia64:
        ftp://updates.redhat.com/7.1/en/os/ia64/LPRng-3.7.4-23.1.ia64.rpm
        Red Hat Linux 7.2:
        SRPMS:
        ftp://updates.redhat.com/7.2/en/os/SRPMS/LPRng-3.7.4-28.1.src.rpm
        i386:
        ftp://updates.redhat.com/7.2/en/os/i386/LPRng-3.7.4-28.1.i386.rpm
        ia64:
        ftp://updates.redhat.com/7.2/en/os/ia64/LPRng-3.7.4-28.1.ia64.rpm
        Red Hat Linux 7.3:
        SRPMS:
        ftp://updates.redhat.com/7.3/en/os/SRPMS/LPRng-3.8.9-4.src.rpm
        i386:
        ftp://updates.redhat.com/7.3/en/os/i386/LPRng-3.8.9-4.i386.rpm
        可使用下列命令安装补丁:
        rpm -Fvh [文件名]

- 漏洞信息

12644
LPRng Remote Print Submission
Remote / Network Access

- 漏洞描述

Unknown or Incomplete

- 时间线

2002-06-09 Unknow
Unknow Unknow

- 解决方案

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

LPRNG Remote Print Submission Vulnerability
Configuration Error 4980
Yes No
2002-06-10 12:00:00 2009-07-11 01:56:00
Discovery credited to Matthew Caron.

- 受影响的程序版本

Patrick Powell LPRng 3.8.9
- RedHat Linux 7.3
Patrick Powell LPRng 3.7.4
- HP Secure OS software for Linux 1.0
- Mandriva Linux Mandrake 8.2
- Mandriva Linux Mandrake 8.1
- RedHat Linux 7.2
- RedHat Linux 7.1
- RedHat Linux 7.0
Patrick Powell LPRng 3.6.20
- Debian Linux 2.2
- Debian Linux 2.1
- FreeBSD FreeBSD 5.0
- FreeBSD FreeBSD 4.0
- FreeBSD FreeBSD 3.5
- FreeBSD FreeBSD 3.4
- HP HP-UX 11.0 4
- HP HP-UX 11.0
- HP HP-UX 10.34
- HP HP-UX 10.30
- Mandriva Linux Mandrake 7.1
- Mandriva Linux Mandrake 7.0
- NetBSD NetBSD 1.4.2 x86
- NetBSD NetBSD 1.4.1 x86
- OpenBSD OpenBSD 2.7
- SGI IRIX 6.5
- SGI IRIX 6.4
- SGI IRIX 6.3
- SGI IRIX 5.3
- Sun Solaris 8_x86
- Sun Solaris 8_sparc
- Sun Solaris 7.0_x86
- Sun Solaris 7.0
Patrick Powell LPRng 3.6.19
- Debian Linux 2.2
- Debian Linux 2.1
- FreeBSD FreeBSD 5.0
- FreeBSD FreeBSD 4.0
- FreeBSD FreeBSD 3.5
- FreeBSD FreeBSD 3.4
- HP HP-UX 11.0 4
- HP HP-UX 11.0
- HP HP-UX 10.34
- HP HP-UX 10.30
- Mandriva Linux Mandrake 7.1
- Mandriva Linux Mandrake 7.0
- NetBSD NetBSD 1.4.2 x86
- NetBSD NetBSD 1.4.1 x86
- OpenBSD OpenBSD 2.7
- SGI IRIX 6.5
- SGI IRIX 6.4
- SGI IRIX 6.3
- SGI IRIX 5.3
- Sun Solaris 8_x86
- Sun Solaris 8_sparc
- Sun Solaris 7.0_x86
- Sun Solaris 7.0
Patrick Powell LPRng 3.6.18
- Debian Linux 2.2
- Debian Linux 2.1
- FreeBSD FreeBSD 5.0
- FreeBSD FreeBSD 4.0
- FreeBSD FreeBSD 3.5
- FreeBSD FreeBSD 3.4
- HP HP-UX 11.0 4
- HP HP-UX 11.0
- HP HP-UX 10.34
- HP HP-UX 10.30
- Mandriva Linux Mandrake 7.1
- Mandriva Linux Mandrake 7.0
- NetBSD NetBSD 1.4.2 x86
- NetBSD NetBSD 1.4.1 x86
- OpenBSD OpenBSD 2.7
- SGI IRIX 6.5
- SGI IRIX 6.4
- SGI IRIX 6.3
- SGI IRIX 5.3
- Sun Solaris 8_x86
- Sun Solaris 8_sparc
- Sun Solaris 7.0_x86
- Sun Solaris 7.0
Patrick Powell LPRng 3.6.17
- Debian Linux 2.2
- Debian Linux 2.1
- FreeBSD FreeBSD 5.0
- FreeBSD FreeBSD 4.0
- FreeBSD FreeBSD 3.5
- FreeBSD FreeBSD 3.4
- HP HP-UX 11.0 4
- HP HP-UX 11.0
- HP HP-UX 10.34
- HP HP-UX 10.30
- Mandriva Linux Mandrake 7.1
- Mandriva Linux Mandrake 7.0
- NetBSD NetBSD 1.4.2 x86
- NetBSD NetBSD 1.4.1 x86
- OpenBSD OpenBSD 2.7
- SGI IRIX 6.5
- SGI IRIX 6.4
- SGI IRIX 6.3
- SGI IRIX 5.3
- Sun Solaris 8_x86
- Sun Solaris 8_sparc
- Sun Solaris 7.0_x86
- Sun Solaris 7.0
Patrick Powell LPRng 3.6.16
- Debian Linux 2.2
- Debian Linux 2.1
- FreeBSD FreeBSD 5.0
- FreeBSD FreeBSD 4.0
- FreeBSD FreeBSD 3.5
- FreeBSD FreeBSD 3.4
- HP HP-UX 11.0 4
- HP HP-UX 11.0
- HP HP-UX 10.34
- HP HP-UX 10.30
- Mandriva Linux Mandrake 7.1
- Mandriva Linux Mandrake 7.0
- NetBSD NetBSD 1.4.2 x86
- NetBSD NetBSD 1.4.1 x86
- OpenBSD OpenBSD 2.7
- SGI IRIX 6.5
- SGI IRIX 6.4
- SGI IRIX 6.3
- SGI IRIX 5.3
- Sun Solaris 8_x86
- Sun Solaris 8_sparc
- Sun Solaris 7.0_x86
- Sun Solaris 7.0
Patrick Powell LPRng 3.6.15
- Debian Linux 2.2
- Debian Linux 2.1
- FreeBSD FreeBSD 5.0
- FreeBSD FreeBSD 4.0
- FreeBSD FreeBSD 3.5
- FreeBSD FreeBSD 3.4
- HP HP-UX 11.0 4
- HP HP-UX 11.0
- HP HP-UX 10.34
- HP HP-UX 10.30
- Mandriva Linux Mandrake 7.1
- Mandriva Linux Mandrake 7.0
- NetBSD NetBSD 1.4.2 x86
- NetBSD NetBSD 1.4.1 x86
- OpenBSD OpenBSD 2.7
- SGI IRIX 6.5
- SGI IRIX 6.4
- SGI IRIX 6.3
- SGI IRIX 5.3
- Sun Solaris 8_x86
- Sun Solaris 8_sparc
- Sun Solaris 7.0_x86
- Sun Solaris 7.0
Patrick Powell LPRng 3.6.14
- Debian Linux 2.2
- Debian Linux 2.1
- FreeBSD FreeBSD 5.0
- FreeBSD FreeBSD 4.0
- FreeBSD FreeBSD 3.5
- FreeBSD FreeBSD 3.4
- HP HP-UX 11.0 4
- HP HP-UX 11.0
- HP HP-UX 10.34
- HP HP-UX 10.30
- Mandriva Linux Mandrake 7.1
- Mandriva Linux Mandrake 7.0
- NetBSD NetBSD 1.4.2 x86
- NetBSD NetBSD 1.4.1 x86
- OpenBSD OpenBSD 2.7
- SGI IRIX 6.5
- SGI IRIX 6.4
- SGI IRIX 6.3
- SGI IRIX 5.3
- Sun Solaris 8_x86
- Sun Solaris 8_sparc
- Sun Solaris 7.0_x86
- Sun Solaris 7.0
Patrick Powell LPRng 3.6.13
- Debian Linux 2.2
- Debian Linux 2.1
- FreeBSD FreeBSD 5.0
- FreeBSD FreeBSD 4.0
- FreeBSD FreeBSD 3.5
- FreeBSD FreeBSD 3.4
- HP HP-UX 11.0 4
- HP HP-UX 11.0
- HP HP-UX 10.34
- HP HP-UX 10.30
- Mandriva Linux Mandrake 7.1
- Mandriva Linux Mandrake 7.0
- NetBSD NetBSD 1.4.2 x86
- NetBSD NetBSD 1.4.1 x86
- OpenBSD OpenBSD 2.7
- SGI IRIX 6.5
- SGI IRIX 6.4
- SGI IRIX 6.3
- SGI IRIX 5.3
- Sun Solaris 8_x86
- Sun Solaris 8_sparc
- Sun Solaris 7.0_x86
- Sun Solaris 7.0
Patrick Powell LPRng 3.6.12
- Debian Linux 2.2
- Debian Linux 2.1
- FreeBSD FreeBSD 5.0
- FreeBSD FreeBSD 4.0
- FreeBSD FreeBSD 3.5
- FreeBSD FreeBSD 3.4
- HP HP-UX 11.0 4
- HP HP-UX 11.0
- HP HP-UX 10.34
- HP HP-UX 10.30
- Mandriva Linux Mandrake 7.1
- Mandriva Linux Mandrake 7.0
- NetBSD NetBSD 1.4.2 x86
- NetBSD NetBSD 1.4.1 x86
- OpenBSD OpenBSD 2.7
- SGI IRIX 6.5
- SGI IRIX 6.4
- SGI IRIX 6.3
- SGI IRIX 5.3
- Sun Solaris 8_x86
- Sun Solaris 8_sparc
- Sun Solaris 7.0_x86
- Sun Solaris 7.0
Patrick Powell LPRng 3.6.11
- Debian Linux 2.2
- Debian Linux 2.1
- FreeBSD FreeBSD 5.0
- FreeBSD FreeBSD 4.0
- FreeBSD FreeBSD 3.5
- FreeBSD FreeBSD 3.4
- HP HP-UX 11.0 4
- HP HP-UX 11.0
- HP HP-UX 10.34
- HP HP-UX 10.30
- Mandriva Linux Mandrake 7.1
- Mandriva Linux Mandrake 7.0
- NetBSD NetBSD 1.4.2 x86
- NetBSD NetBSD 1.4.1 x86
- OpenBSD OpenBSD 2.7
- SGI IRIX 6.5
- SGI IRIX 6.4
- SGI IRIX 6.3
- SGI IRIX 5.3
- Sun Solaris 8_x86
- Sun Solaris 8_sparc
- Sun Solaris 7.0_x86
- Sun Solaris 7.0
Patrick Powell LPRng 3.6.10
- Debian Linux 2.2
- Debian Linux 2.1
- FreeBSD FreeBSD 5.0
- FreeBSD FreeBSD 4.0
- FreeBSD FreeBSD 3.5
- FreeBSD FreeBSD 3.4
- HP HP-UX 11.0 4
- HP HP-UX 11.0
- HP HP-UX 10.34
- HP HP-UX 10.30
- Mandriva Linux Mandrake 7.1
- Mandriva Linux Mandrake 7.0
- NetBSD NetBSD 1.4.2 x86
- NetBSD NetBSD 1.4.1 x86
- OpenBSD OpenBSD 2.7
- SGI IRIX 6.5
- SGI IRIX 6.4
- SGI IRIX 6.3
- SGI IRIX 5.3
- Sun Solaris 8_x86
- Sun Solaris 8_sparc
- Sun Solaris 7.0_x86
- Sun Solaris 7.0
Patrick Powell LPRng 3.6.9
- Debian Linux 2.2
- Debian Linux 2.1
- FreeBSD FreeBSD 5.0
- FreeBSD FreeBSD 4.0
- FreeBSD FreeBSD 3.5
- FreeBSD FreeBSD 3.4
- HP HP-UX 11.0 4
- HP HP-UX 11.0
- HP HP-UX 10.34
- HP HP-UX 10.30
- Mandriva Linux Mandrake 7.1
- Mandriva Linux Mandrake 7.0
- NetBSD NetBSD 1.4.2 x86
- NetBSD NetBSD 1.4.1 x86
- OpenBSD OpenBSD 2.7
- SGI IRIX 6.5
- SGI IRIX 6.4
- SGI IRIX 6.3
- SGI IRIX 5.3
- Sun Solaris 8_x86
- Sun Solaris 8_sparc
- Sun Solaris 7.0_x86
- Sun Solaris 7.0
Patrick Powell LPRng 3.6.8
- Debian Linux 2.2
- Debian Linux 2.1
- FreeBSD FreeBSD 5.0
- FreeBSD FreeBSD 4.0
- FreeBSD FreeBSD 3.5
- FreeBSD FreeBSD 3.4
- HP HP-UX 11.0 4
- HP HP-UX 11.0
- HP HP-UX 10.34
- HP HP-UX 10.30
- Mandriva Linux Mandrake 7.1
- Mandriva Linux Mandrake 7.0
- NetBSD NetBSD 1.4.2 x86
- NetBSD NetBSD 1.4.1 x86
- OpenBSD OpenBSD 2.7
- SGI IRIX 6.5
- SGI IRIX 6.4
- SGI IRIX 6.3
- SGI IRIX 5.3
- Sun Solaris 8_x86
- Sun Solaris 8_sparc
- Sun Solaris 7.0_x86
- Sun Solaris 7.0
Patrick Powell LPRng 3.6.7
- Debian Linux 2.2
- Debian Linux 2.1
- FreeBSD FreeBSD 5.0
- FreeBSD FreeBSD 4.0
- FreeBSD FreeBSD 3.5
- FreeBSD FreeBSD 3.4
- HP HP-UX 11.0 4
- HP HP-UX 11.0
- HP HP-UX 10.34
- HP HP-UX 10.30
- Mandriva Linux Mandrake 7.1
- Mandriva Linux Mandrake 7.0
- NetBSD NetBSD 1.4.2 x86
- NetBSD NetBSD 1.4.1 x86
- OpenBSD OpenBSD 2.7
- SGI IRIX 6.5
- SGI IRIX 6.4
- SGI IRIX 6.3
- SGI IRIX 5.3
- Sun Solaris 8_x86
- Sun Solaris 8_sparc
- Sun Solaris 7.0_x86
- Sun Solaris 7.0
Patrick Powell LPRng 3.6.6
- Debian Linux 2.2
- Debian Linux 2.1
- FreeBSD FreeBSD 5.0
- FreeBSD FreeBSD 4.0
- FreeBSD FreeBSD 3.5
- FreeBSD FreeBSD 3.4
- HP HP-UX 11.0 4
- HP HP-UX 11.0
- HP HP-UX 10.34
- HP HP-UX 10.30
- Mandriva Linux Mandrake 7.1
- Mandriva Linux Mandrake 7.0
- NetBSD NetBSD 1.4.2 x86
- NetBSD NetBSD 1.4.1 x86
- OpenBSD OpenBSD 2.7
- SGI IRIX 6.5
- SGI IRIX 6.4
- SGI IRIX 6.3
- SGI IRIX 5.3
- Sun Solaris 8_x86
- Sun Solaris 8_sparc
- Sun Solaris 7.0_x86
- Sun Solaris 7.0
Patrick Powell LPRng 3.6.5
- Debian Linux 2.2
- Debian Linux 2.1
- FreeBSD FreeBSD 5.0
- FreeBSD FreeBSD 4.0
- FreeBSD FreeBSD 3.5
- FreeBSD FreeBSD 3.4
- HP HP-UX 11.0 4
- HP HP-UX 11.0
- HP HP-UX 10.34
- HP HP-UX 10.30
- Mandriva Linux Mandrake 7.1
- Mandriva Linux Mandrake 7.0
- NetBSD NetBSD 1.4.2 x86
- NetBSD NetBSD 1.4.1 x86
- OpenBSD OpenBSD 2.7
- SGI IRIX 6.5
- SGI IRIX 6.4
- SGI IRIX 6.3
- SGI IRIX 5.3
- Sun Solaris 8_x86
- Sun Solaris 8_sparc
- Sun Solaris 7.0_x86
- Sun Solaris 7.0
Patrick Powell LPRng 3.6.4
- Debian Linux 2.2
- Debian Linux 2.1
- FreeBSD FreeBSD 5.0
- FreeBSD FreeBSD 4.0
- FreeBSD FreeBSD 3.5
- FreeBSD FreeBSD 3.4
- HP HP-UX 11.0 4
- HP HP-UX 11.0
- HP HP-UX 10.34
- HP HP-UX 10.30
- Mandriva Linux Mandrake 7.1
- Mandriva Linux Mandrake 7.0
- NetBSD NetBSD 1.4.2 x86
- NetBSD NetBSD 1.4.1 x86
- OpenBSD OpenBSD 2.7
- SGI IRIX 6.5
- SGI IRIX 6.4
- SGI IRIX 6.3
- SGI IRIX 5.3
- Sun Solaris 8_x86
- Sun Solaris 8_sparc
- Sun Solaris 7.0_x86
- Sun Solaris 7.0
Patrick Powell LPRng 3.6.3
- Debian Linux 2.2
- Debian Linux 2.1
- FreeBSD FreeBSD 5.0
- FreeBSD FreeBSD 4.0
- FreeBSD FreeBSD 3.5
- FreeBSD FreeBSD 3.4
- HP HP-UX 11.0 4
- HP HP-UX 11.0
- HP HP-UX 10.34
- HP HP-UX 10.30
- Mandriva Linux Mandrake 7.1
- Mandriva Linux Mandrake 7.0
- NetBSD NetBSD 1.4.2 x86
- NetBSD NetBSD 1.4.1 x86
- OpenBSD OpenBSD 2.7
- SGI IRIX 6.5
- SGI IRIX 6.4
- SGI IRIX 6.3
- SGI IRIX 5.3
- Sun Solaris 8_x86
- Sun Solaris 8_sparc
- Sun Solaris 7.0_x86
- Sun Solaris 7.0
Patrick Powell LPRng 3.6.2
- Debian Linux 2.2
- Debian Linux 2.1
- FreeBSD FreeBSD 5.0
- FreeBSD FreeBSD 4.0
- FreeBSD FreeBSD 3.5
- FreeBSD FreeBSD 3.4
- HP HP-UX 11.0 4
- HP HP-UX 11.0
- HP HP-UX 10.34
- HP HP-UX 10.30
- Mandriva Linux Mandrake 7.1
- Mandriva Linux Mandrake 7.0
- NetBSD NetBSD 1.4.2 x86
- NetBSD NetBSD 1.4.1 x86
- OpenBSD OpenBSD 2.7
- SGI IRIX 6.5
- SGI IRIX 6.4
- SGI IRIX 6.3
- SGI IRIX 5.3
- Sun Solaris 8_x86
- Sun Solaris 8_sparc
- Sun Solaris 7.0_x86
- Sun Solaris 7.0
Patrick Powell LPRng 3.6.1
- Debian Linux 2.2
- Debian Linux 2.1
- FreeBSD FreeBSD 5.0
- FreeBSD FreeBSD 4.0
- FreeBSD FreeBSD 3.5
- FreeBSD FreeBSD 3.4
- HP HP-UX 11.0 4
- HP HP-UX 11.0
- HP HP-UX 10.34
- HP HP-UX 10.30
- Mandriva Linux Mandrake 7.1
- Mandriva Linux Mandrake 7.0
- NetBSD NetBSD 1.4.2 x86
- NetBSD NetBSD 1.4.1 x86
- OpenBSD OpenBSD 2.7
- SGI IRIX 6.5
- SGI IRIX 6.4
- SGI IRIX 6.3
- SGI IRIX 5.3
- Sun Solaris 8_x86
- Sun Solaris 8_sparc
- Sun Solaris 7.0_x86
- Sun Solaris 7.0

- 漏洞讨论

The LPRng software is an enhanced, extended, and portable implementation of the Berkeley LPR print spooler functionality.

Default configurations of LPRng accept all remote print submissions to the print queue. A malicious attacker may be able to submit many print requests to the existing print queue.

- 漏洞利用

There is no exploit code required.

- 解决方案

HP has advised applying the appropriate fixes made available in Red Hat Advisory RHSA-2002:089.

RedHat has issued an advisory with detailed upgrading instructions. Updated packages are available.

Mandrake has issued an advisory. Customers are advised to upgrade to the latest packages.


Patrick Powell LPRng 3.7.4

Patrick Powell LPRng 3.8.9

- 相关参考

     

     

    关于SCAP中文社区

    SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

    版权声明

    CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站