Security Update: Multiple Vulnerabilities in BSD LPR Subsys

Open forum for security issues and info.
Forum rules
Any posts concerning pirated software or offering to buy/sell/trade commercial software are subject to removal.
User avatar
semi-fly
Posts: 786
Joined: Fri Feb 21, 2003 5:29 am
Location: Ypsitucky, MI
Contact:

Security Update: Multiple Vulnerabilities in BSD LPR Subsys

Unread postby semi-fly » Mon Apr 28, 2003 6:46 am

This should only be an issue if your running the bsd printing system, but just in case you are:
http://support.sgi.com/ and
ftp://patches.sgi.com/support/free/security/patches/


It's been reported that there are several vulnerabilities in the IRIX
bsdlpr
printing subsystem:

o lpd chkhost() routine is easily spoofed
See: http://www.kb.cert.org/vuls/id/30308

o lpd should execl() sendmail -t, not sendmail
See: http://www.kb.cert.org/vuls/id/39001

o Unstable behavior in lpd resulting from the patch4835 fixes

o lprm buffer overrun
See: http://www.insecure.org/sploits/lprm.overflow.html
http://www.kb.cert.org/vuls/id/293305

SGI has investigated the issue and recommends the following steps for
neutralizing the exposure. It is HIGHLY RECOMMENDED that these
measures be
implemented on ALL vulnerable SGI systems.

These issues have been corrected with patches and in future releases of
IRIX.


Not sure if it's installed?
To see if the bsdlpr subsystem is installed, execute the following
command:

$ versions print.sw.bsdlpr
I = Installed, R = Removed

Name Date Description
I print 01/30/2003 Printing Tools, Release
1.16.5f
I print.sw 01/30/2003 Printing Tools Software
1.16.5f
I print.sw.bsdlpr 01/30/2003 Berkeley 'lpr' Printer Spooler

If the output shown is similar to the above, then the subsystem is
installed
and the system may be vulnerable.

User avatar
dexter1
Moderator
Moderator
Posts: 2743
Joined: Thu Feb 20, 2003 6:57 am
Location: Zoetermeer, The Netherlands

Unread postby dexter1 » Mon Apr 28, 2003 8:08 am

it's not installed by default. I know 'cause i needed it in the early days.

Nowadays i use CUPS for all my printing on Unix and Windows. It actually runs fine on my Origin200 with the freeware CUPS version. Give it a try. Installing and running CUPS isn't hard and is much more versatile than this ageing bsd shite. It even has support for the IRIX lp tools...

User avatar
squeen
Moderator
Moderator
Posts: 2933
Joined: Fri May 09, 2003 6:10 am
Location: Maryland, USA

CUPS security

Unread postby squeen » Thu Jun 12, 2003 4:31 am

CUPS had a security problem prior to release 1.1.18

ref: http://www.easysw.com/news.php?VN87+CALL+I

However, when I upgraded I got locked out of all my printers.
An SGI freeware tech told me to look at the PAM setup, but I haven't had time yet.

User avatar
dexter1
Moderator
Moderator
Posts: 2743
Joined: Thu Feb 20, 2003 6:57 am
Location: Zoetermeer, The Netherlands

Unread postby dexter1 » Thu Jun 12, 2003 5:34 am

Odd, i had CUPS 1.1.18 installed on my server and O2 since 23 april and no problems whatsoever. Do you use PAM in any way?

User avatar
squeen
Moderator
Moderator
Posts: 2933
Joined: Fri May 09, 2003 6:10 am
Location: Maryland, USA

PAM

Unread postby squeen » Thu Jun 12, 2003 5:47 am

Nope. That's why I've put off looking into the issue. It may be disabled.

User avatar
semi-fly
Posts: 786
Joined: Fri Feb 21, 2003 5:29 am
Location: Ypsitucky, MI
Contact:

Re: CUPS security

Unread postby semi-fly » Thu Jun 12, 2003 11:52 am

squeen wrote:CUPS had a security problem prior to release 1.1.18

ref: http://www.easysw.com/news.php?VN87+CALL+I

However, when I upgraded I got locked out of all my printers.
An SGI freeware tech told me to look at the PAM setup, but I haven't had time yet.


Hmm, that is strange...


Return to “SGI: Security”

Who is online

Users browsing this forum: No registered users and 1 guest