Celui-l� est assez urgent. Bien s�r faut d�j� �tre assez fou pour laisser le service d'impression accessible sur Internet. From: Jason Edgecombe <[EMAIL PROTECTED]> Subject: Re: LPRng remote root exploit Date: 16 Dec 2000 01:00:37 +0100 Message-ID: <[EMAIL PROTECTED]> greetings, a workaround does exist to prevent this exploit in special cases. add the following line to the beginning of /etc/lpd/perms: REJECT SERVICE=X NOT IFIP=127.0.0.1/32 restart LPRng This workaround is only valid on a machine that NOT a print server. The only reason I run LPRng is for local printing, so this works for me. The output from the running the exploit with this workaround in place: --------begin output----------------------- ** LPRng remote root exploit coded by venomous of rdC ** constructing the buffer: adding bytes for padding: 2 retloc: 0xbfffee30 + offset(0) == 0xbfffee30 adding resulting retloc(0xbfffee30).. adding shellcode address(0xbffff640) adding nops.. adding shellcode.. all is prepared.. now lets connect to something.. connecting to host.somewhere.com to port 515 connected!, sending the buffer... K��}�1��C��1��������/bin/shu�f���1�1C00$[%.9u%301$n%.192u%302$n1�1�1ɳ�g_ no connect permissions ---------------end output-------------------- The machine that I ran it against is a Redhat 7.0 box with all package updates in place. "rpm -q LPRng" yields: LPRng-3.6.24-2 venomous wrote: > > LPRng-3.6.22/23/24 remote root exploit, enjoy. - Pour poster une annonce: [EMAIL PROTECTED]
