Rlpr.msg.Format.String
Description
It indicates a possible exploit of "msg() format string" vulnerability in rlpr daemon.
rlpr daemon is a package that makes possible printing remote files to local printer. A format string vulnerability is reported in its msg() function that may allow an attacker to execute arbitrary code on the vulnerable system. A remote attacker could exploit this vulnerability to overflow a buffer via format string specifies in a buffer that can not be resolved, which is provided to the syslog function and execute arbitrary code on the system with privileges of the rlprd process.
Affected Products
rlpr version 2.0 through 2.0.4
Impact
Compromised of the affected system.
Recommended Actions
Upgrade to the latest rlpr package from the following URL:
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |