OpenBSD lprm buffer overflow

lprm-bo (11473) The risk level is classified as High Risk

Description:

The lprm utility is vulnerable to a buffer overflow, caused by improper bounds checking of user-supplied input. A local attacker could exploit this buffer overflow to gain elevated privileges on the system, including possibly root privileges.
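The advisory gives no further detail on the defect, so the following is an added illustration of the general bug class it names, not the lprm source code: a command-line argument copied into a fixed-size stack buffer with no length check, beside a version that checks the length before copying. The buffer size, function names and the `accept_queue_name` / `accept_name_of_length` helpers are constructed for the example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define QUEUE_NAME_MAX 32   /* constructed buffer size, not taken from lprm */

/* Vulnerable pattern: a user-supplied argument is copied with no bounds
 * check. Any argument of QUEUE_NAME_MAX bytes or more overruns 'queue'
 * and clobbers whatever follows it on the stack. Shown for contrast only;
 * nothing below calls it. */
void set_queue_unchecked(char *queue, const char *arg)
{
    strcpy(queue, arg);
}

/* Hardened pattern: measure the input, compare against the destination
 * size, and refuse over-long input rather than truncating it silently.
 * Returns 0 on success, -1 if the argument does not fit. */
int set_queue_checked(char *queue, size_t queue_len, const char *arg)
{
    size_t n = strlen(arg);
    if (queue_len == 0 || n >= queue_len)   /* need room for the NUL */
        return -1;
    memcpy(queue, arg, n + 1);
    return 0;
}

/* Run the checked copy into a fixed buffer; 0 = accepted, -1 = rejected. */
int accept_queue_name(const char *arg)
{
    char queue[QUEUE_NAME_MAX];
    return set_queue_checked(queue, sizeof queue, arg);
}

/* Build a constructed argument of n 'A' bytes and test whether it fits.
 * Exercises the boundary without any caller having to craft input. */
int accept_name_of_length(size_t n)
{
    char *arg = malloc(n + 1);
    int rc;
    if (arg == NULL)
        return -1;
    memset(arg, 'A', n);
    arg[n] = '\0';
    rc = accept_queue_name(arg);
    free(arg);
    return rc;
}

int main(int argc, char **argv)
{
    const char *arg = argc > 1 ? argv[1] : "lp";
    if (accept_queue_name(arg) == 0)
        printf("queue name accepted: %s\n", arg);
    else
        printf("queue name rejected: longer than %d bytes\n", QUEUE_NAME_MAX - 1);
    return 0;
}
```

The check is written against `sizeof queue` so it stays correct if the buffer size changes; on OpenBSD the same effect is usually obtained with `strlcpy()` plus a comparison of its return value against the destination size, which is the idiom the project's own fixes for this class of bug tend to use.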


Consequences:

Gain Privileges

Remedy:

For OpenBSD 3.2 and earlier:
Apply the appropriate patch for your system, as listed in OpenBSD 3.2 errata 010: SECURITY FIX: March 5, 2003. See References.

For SuSE Linux:
Upgrade to the latest lprold package, as listed below. Refer to SuSE Security Announcement SuSE-SA:2003:0014. See References.

SuSE Linux 7.3 (Intel): 3.0.48-408 or later
SuSE Linux 7.2 and 7.1 (Intel): 3.0.48-407 or later
SuSE Linux 7.3 (Sparc): 3.0.48-273 or later
SuSE Linux 7.1 (AXP Alpha): 3.0.48-270 or later
SuSE Linux 7.3 and 7.1 (PPC Power PC): 3.0.48-297 or later

For Debian GNU/Linux:
Upgrade to the latest lpr package, as listed below. Refer to DSA 267-1 for more information. See References.

Debian GNU/Linux 2.2 (potato): 0.48-1.1 or later
Debian GNU/Linux 3.0 (woody): 2000.05.07-4.3 or later

For Debian GNU/Linux 3.0 (woody):
Upgrade to the latest lpr-ppd (0.72-2.1 or later), as listed in DSA-275-1. See References.

For SGI IRIX:
Upgrade to the latest version of IRIX (6.5.20 or later), as listed in SGI Security Advisory 20030406-02-P. See References.

— OR —

Apply the appropriate patch for your system, as listed in SGI Security Advisory 20030406-02-P. See References.

For Mandrake Linux:
Upgrade to the latest lpr package, as listed below. Refer to MandrakeSoft Security Advisory MDKSA-2003:059 for more information. See References.

Mandrake Linux 8.2: 0.72-3.1mdk or later

For other distributions:
Contact your vendor for upgrade or patch information.

References:

Platforms Affected:

  • Debian Debian Linux 2.2
  • Debian Debian Linux 3.0
  • MandrakeSoft Mandrake Linux 8.2 PPC
  • MandrakeSoft Mandrake Linux 8.2
  • Novell SuSE Linux Enterprise Server 7.0
  • OpenBSD OpenBSD 3.2 and prior
  • SGI IRIX 6.5
  • SGI IRIX 6.5 20
  • SGI IRIX 6.5.1
  • SGI IRIX 6.5.10
  • SGI IRIX 6.5.10f
  • SGI IRIX 6.5.10m
  • SGI IRIX 6.5.11
  • SGI IRIX 6.5.11f
  • SGI IRIX 6.5.11m
  • SGI IRIX 6.5.12
  • SGI IRIX 6.5.12f
  • SGI IRIX 6.5.12m
  • SGI IRIX 6.5.13
  • SGI IRIX 6.5.13f
  • SGI IRIX 6.5.13m
  • SGI IRIX 6.5.14
  • SGI IRIX 6.5.14f
  • SGI IRIX 6.5.14m
  • SGI IRIX 6.5.15
  • SGI IRIX 6.5.15f
  • SGI IRIX 6.5.15m
  • SGI IRIX 6.5.16
  • SGI IRIX 6.5.16f
  • SGI IRIX 6.5.16m
  • SGI IRIX 6.5.17
  • SGI IRIX 6.5.17f
  • SGI IRIX 6.5.17m
  • SGI IRIX 6.5.18
  • SGI IRIX 6.5.18f
  • SGI IRIX 6.5.18m
  • SGI IRIX 6.5.19
  • SGI IRIX 6.5.2f
  • SGI IRIX 6.5.2m
  • SGI IRIX 6.5.3
  • SGI IRIX 6.5.3f
  • SGI IRIX 6.5.3m
  • SGI IRIX 6.5.4
  • SGI IRIX 6.5.4f
  • SGI IRIX 6.5.4m
  • SGI IRIX 6.5.5
  • SGI IRIX 6.5.5f
  • SGI IRIX 6.5.5m
  • SGI IRIX 6.5.6
  • SGI IRIX 6.5.6f
  • SGI IRIX 6.5.6m
  • SGI IRIX 6.5.7
  • SGI IRIX 6.5.7f
  • SGI IRIX 6.5.7m
  • SGI IRIX 6.5.8
  • SGI IRIX 6.5.8f
  • SGI IRIX 6.5.8m
  • SGI IRIX 6.5.9
  • SGI IRIX 6.5.9f
  • SGI IRIX 6.5.9m
  • SuSE SuSE eMail Server 3.1
  • SuSE SuSE eMail Server III
  • SUSE SuSE Linux 7.1
  • SUSE SuSE Linux 7.2
  • SUSE SuSE Linux 7.3
  • SUSE SuSE Linux 8.0
  • SuSE SuSE Linux Connectivity Server
  • SuSE SuSE Linux Office Server
  • Turbolinux Turbolinux Advanced Server 6
  • Turbolinux Turbolinux Server 6.1
  • Turbolinux Turbolinux Workstation 6.0

Reported:

Mar 05, 2003

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net
