Intrusion Prevention



It indicates a possible exploit of "msg() format string" vulnerability in rlpr daemon.

rlpr daemon is a package that makes possible printing remote files to local printer. A format string vulnerability is reported in its msg() function that may allow an attacker to execute arbitrary code on the vulnerable system. A remote attacker could exploit this vulnerability to overflow a buffer via format string specifies in a buffer that can not be resolved, which is provided to the syslog function and execute arbitrary code on the system with privileges of the rlprd process.

Affected Products

rlpr version 2.0 through 2.0.4


Compromised of the affected system.

Recommended Actions

Upgrade to the latest rlpr package from the following URL:

CVE References


Other References