linux security - Oct 1997 - SNI-19: BSD lpd vulnerabilities (UPDATE)

-----BEGIN PGP SIGNED MESSAGE-----

                        #####   ##   ##   ######
                        ##      ###  ##     ##
                        #####   ## # ##     ##
                           ##   ##  ###     ##
                        ##### . ##   ## . ###### .

                           Secure Networks Inc.

                            Security Advisory
                             October 21, 1997

                  SNI-19.BSD.lpd.vulnerabilities update


This is an update to the advisory SNI-19.BSD.lpd.vulnerabilities
which was released on October 2, 1997.

Issue 1
~~~~~~~

A problem was pointed out in the recommended fixes by Matt Power
<mhpower@MIT.EDU>, which would still allow an attacker using the
recommended fixes to remove any file on the remote system.  This
problem was present due to the fact that when lpd exited due to
receiving invalid characters in the filename, the error routine
would continue to remove the specified file.

An updated version of the recommended fixes has been placed in
the same location as the original fixes:

               ftp://ftp.secnet.com/pub/patches/lpd.tar.gz


Issue 2
~~~~~~~

There has been some confusion over an alternative print spooler
called LPRng.  LPRng is not vulnerable to any of the problems which
were discussed in SNI-19.BSD.lpd.vulnerabilities.  LPRng is an
alternative print spooler written by Patrick Powell
<papowell@astart.com>.


Additional Information
~~~~~~~~~~~~~~~~~~~~~~

You can subscribe to our security advisory mailing list by sending
mail to majordomo@secnet.com, containing the single line
subscribe sni-advisories

You can find Secure Networks papers at ftp://ftp.secnet.com/pub/papers
and advisories at ftp://ftp.secnet.com/pub/advisories

You can contact Secure Networks Inc. at <sni@secnet.com> using
the following PGP key:

Type Bits/KeyID    Date       User ID
pub  1024/9E55000D 1997/01/13 Secure Networks Inc. <sni@secnet.com>
                              Secure Networks <security@secnet.com>

- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.3ia

mQCNAzLaFzIAAAEEAKsVzPR7Y6oFN5VPE/Rp6Sm82oE0y6Mkuof8QzERV6taihn5
uySb31UeNJ4l6Ud9alOPT/0YdeOO9on6eD1iU8qumFxzO3TLm8nTAdZehQSAQfoa
rWmpwj7KpXN/3n+VyBWvhpBdKxe08SQN4ZjvV5HXy4YIrE5bTbgIhFKeVQANAAUR
tCVTZWN1cmUgTmV0d29ya3MgSW5jLiA8c25pQHNlY25ldC5jb20+iQCVAwUQM1yd
EB/bLKAOe7p9AQFptAQAiYpaZCpSmGgr05E698Z3t5r5BPAKUEtgvF53AvZUQLxz
ZsYsVU5l5De0qKWJOQ/9LiDyWu1lvKhlTphbLy2RatWD4kO3oQL9v3TpSXm2WQhU
uIzyZvj7S5ENodNnKn+gCDIvbou6OMot+7dRbWWgN2oabbru4CSlOxbG++yaTz+J
AJUDBRAzTefbtOXez5VgyLkBAd0bA/43eGEgvPOFK+HHWCPpkSWCwtrtDU/dxOVz
9erHnT/CRxeojCI+50f71Qe+kvx9Q1odz2Jl/fLxhnPQdbPnpWblIbu4F8H+Syrj
HTilDrl1DWa/nUNgK8sb27SMviELczP1a8gwA1eo5SUCG5TWLLTAzjWOgTxod2Ha
OwseUHmqVIkAlQMFEDNOVsr/d6Iw8NVIbQEBxM0D/14XRfgSLwszgJcVbslMHm/B
fF6tHoWYojzQle3opOuMYHNN8GsMZRkc1qQ8QuNA9Aj5+qDqEontGjV5IvhBu1fY
FM77AhagskaFCZxwqV64Qrk328WDO89NGSd+RuovVNruDdn20TxNCEVuPTHjI0UA
8H+E6FW9jexg6RTHhPXYtCVTZWN1cmUgTmV0d29ya3MgPHNlY3VyaXR5QHNlY25l
dC5jb20+iQCVAwUQMtqTKB/bLKAOe7p9AQFw5wQAgUwqJ+ZqfEy/lO1srU3nzxLA
X0uHGHrMptRy/LFo8swD6G1TtWExUc3Yv/6g2/YK09b5WmplEJ+Q09maQIw+RU/s
cIY+EsPauqIq4JTGh/Nm0Z4UDl2Y1x4GNtm0YqezxUPS0P0A3LHVLJ3Uo5og0G8O
gPNrfbVz5ieT14OSCWCJAJUDBRAy2hd2/3eiMPDVSG0BAVNhBACfupfAcNhhnQaq
aI03DOOiZSRjvql1xw4V+pPhM+IksdSK3YNUZVJJtANacgDhBT+jAPRaYbBWI3A5
ZMdcSNM8aTG0LWMLIOiOYEm6Lgd3idRBFN0Js08eyITl8mhZ33mDe4I0KQri9UiV
ZcPYTbb9CWM6Hv2cMbt6S6kLnFziqIkAlQMFEDLaF0+4CIRSnlUADQEBCLoEAJwt
UofDgvyZ4nCDx1KKAPkkXBRaPMWBp46xeTVcxaYiloZfwHfpk1h2mEJAxmAsvizl
OtIppHl4isUxcGi/E2mLCLMvis22/IQP/9obPahPvgNaMLVtZljO1Nv3QFEkNciL
FEUTNJHR1ko7ibCxkBs4cOpirFuvTMDvWnNaXAf8
=DchE
- -----END PGP PUBLIC KEY BLOCK-----

Copyright Notice
~~~~~~~~~~~~~~~~
The contents of this advisory are Copyright (C) 1997 Secure Networks Inc,
and may be distributed freely provided that no fee is charged for
distribution, and that proper credit is given.

 You can find Secure Networks papers at ftp://ftp.secnet.com/pub/papers
 and advisories at ftp://ftp.secnet.com/advisories

 You can browse our web site at http://www.secnet.com

 You can subscribe to our security advisory mailing list by sending mail to
 majordomo@secnet.com with the line "subscribe sni-advisories"

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv

iQCVAwUBNE0SBrgIhFKeVQANAQEFnQP+K0dS6HsDM+8wF8d85+QD5x4jBM67ELN8
QDnCchCqfPStGzpM9lV9tGNB27Dto1KlBMMG3rM9ZRGSrvgTa98nU6/MMMydH78L
jJNPfwDhZ3y+w34HvloduJEBs+uddztlWKGtB2XsS6DDMDLbiQ7qjBDQAWzH7AQt
z12GvGbTKMk=EnUg
-----END PGP SIGNATURE-----