On Tue, 16 Apr 2002, John Hunter wrote: > The lprng string format vulnerability hat I came across while > researching this http://www.ciac.org/ciac/bulletins/l-025.shtml was > patched (as far as I can see) by redhat as of version 7.0 with > http://www.redhat.com/support/errata/RHSA-2000-065-06.html. Is there > a new one out, or was the fix not a fix, or what?
it could be either a new vulnerability, or the version on 7.2 isn't patched. it could also be that there are multiple ways to exploit the bug, and the bug itself wasn't fixed, merely that particular entry point. you may want to look it up in the bugtraq archives, as there is probably a good discussion of the vulnerability there. -- christian void - [EMAIL PROTECTED] www.morphine.com/void/ gpg key available on request _______________________________________________ Bits mailing list [EMAIL PROTECTED] http://www.sugoi.org/mailman/listinfo/bits
