Date: Tue, 27 Feb 2001 12:39:42 -0800 (PST)
From: Dave Dittrich
To: Network System Adminstrators list
Subject: Re: Remote Root Exploit for Redhat 7.0 (fwd)

Does anyone have one of the vulnerable LPRng RPM packages for RH 7.0
they could send me?

    RedHat 7.0 (Guinness) with LPRng-3.6.22/23/24-1 from rpm - glibc-2.2-5

(E.g., the file LPRng-3.6.24-1.i386.rpm from an early RH 7.0 CD-ROM)

--
Dave Dittrich                           Computing & Communications
dittrich@cac.washington.edu             Client Services
http://staff.washington.edu/dittrich    University of Washington

PGP key      http://staff.washington.edu/dittrich/pgpkey.txt
Fingerprint  FE 97 0C 57 08 43 F3 EB 49 A1  0C D0 8E 0C D0 BE C8 38 CC B5

---------- Forwarded message ----------
Date: Tue, 2 Jan 2001 09:51:11 -0800
Subject: Re: Remote Root Exploit for Redhat 7.0
From: Max Vision
To: BUGTRAQ@SECURITYFOCUS.COM

Hi, since this was cross-posted to vuln-dev and Bugtraq I think the wider
audience should know the facts...

---------- Forwarded message ----------
Date: Sat, 30 Dec 2000 12:58:07 -0800 (PST)
From: Max Vision
To: "kry_cek@libero.it"
Cc: VULN-DEV@SECURITYFOCUS.COM
Subject: Re: Remote Root Exploit for Redhat 7.0

Ew. When you diff the source, it is apparent that this is a plagiarized
exploit that was actually written by DiGiT of security.is [1] (which I saw
posted to their website December 8th!)

Not only that, but this was discussed publicly in September [2], then
fixed by Redhat in early October [3]. Redhat even went so far as to
change the 7.0 ISO image to include the fixed LPRng package Oct 11th [4],
so many recent default installations are not affected. Affected users
that used the old ISO images can still download the RPM updates [5].

[1] http://www.security.is/material/SEClpd.c
[2] http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=17756
[3] http://www.redhat.com/support/errata/RHSA-2000-065-06.html
[4] ftp://ftp.redhat.com/pub/redhat/releases/guinness/i386/iso
[5] ftp://updates.redhat.com/7.0/i386/LPRng-3.6.24-2.i386.rpm
    ftp://updates.redhat.com/7.0/SRPMS/LPRng-3.6.24-2.src.rpm

Max

On Sat, 30 Dec 2000, kry_cek@libero.it wrote:
> This exploit compromises a Redhat 7.0 box and it allows one to gain root..
> it is very dangerous.. please RedHat.com release a patch!!
> This expl takes advantage of Lpd.
>
> To download this expl. look at www.netcat.it/download/SEClpd.c
>
> Thx To All
> Staff of www.netcat.it
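
An added example, not part of either message: a check that classifies LPRng package names (as printed by `rpm -q LPRng` or as RPM file names) against the fixed build named in reference [5], LPRng-3.6.24-2. It assumes every Red Hat 7.0 LPRng build older than 3.6.24-2 is unfixed, which the thread states only for 3.6.22/23/24-1; the function names are hypothetical and the version compare is a simplified form of rpm's.

```python
import re

# Fixed build taken from reference [5] in the thread. Assumption: any
# older LPRng build on Red Hat 7.0 still lacks the fix.
FIXED_VERSION, FIXED_RELEASE = "3.6.24", "2"

def _segments(s):
    # Runs of digits or letters; separators such as '.' are dropped.
    return re.findall(r"\d+|[A-Za-z]+", s)

def vercmp(a, b):
    """Simplified rpm-style compare: returns -1, 0 or 1."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)          # 9 < 24, not "9" > "24"
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric beats alphabetic
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def parse(pkg):
    """Split 'LPRng-3.6.24-1.i386.rpm' or 'LPRng-3.6.24-1' into N, V, R."""
    m = re.fullmatch(
        r"(.+)-([^-]+)-([^-]+?)(?:\.(?:i[3-6]86|noarch|src))?(?:\.rpm)?", pkg)
    if not m:
        raise ValueError(f"not a name-version-release string: {pkg!r}")
    return m.group(1), m.group(2), m.group(3)

def is_unfixed(pkg):
    """True if pkg is an LPRng build older than the fixed 3.6.24-2."""
    name, version, release = parse(pkg)
    if name != "LPRng":
        raise ValueError(f"not an LPRng package: {pkg!r}")
    c = vercmp(version, FIXED_VERSION)
    return c < 0 or (c == 0 and vercmp(release, FIXED_RELEASE) < 0)

if __name__ == "__main__":
    # Constructed inventory: package strings as collected from several hosts.
    for pkg in ["LPRng-3.6.22-1", "LPRng-3.6.24-1.i386.rpm",
                "LPRng-3.6.24-2.i386.rpm"]:
        print(f"{pkg:28} {'UNFIXED' if is_unfixed(pkg) else 'fixed'}")
```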