Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!

TUCoPS :: Unix :: General :: unix4897.htm

5th Dec 2001 [SBWID-4897]



	OpenBSD 3.0 and prior versions


	Todd C. Miller reported following, initialy found by  Sebastian  Krahmer
	of SuSE :

	A security issue exists with lpd (the  line  printer  daemon)  that  may
	allow an attacker to create arbitrary new files in the  root  directory.
	Only  machines  with  line  printer  access  (ie:   listed   in   either
	/etc/hosts.lpd or /etc/hosts.equiv) may be used to mount an  attack  and
	the attacker must have root access on  the  machine.  OpenBSD  does  not
	start lpd in the default installation.


	A patch exists to fix the problem:

	For OpenBSD-2.9 (as well as OpenBSD-2.8):



	For OpenBSD-3.0



TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2015 AOH