Intrusion Prevention

LPRng.Format.String

Description

This indicates an attempt to exploit a format string vulnerability in the use_syslog() function in the RedHat Linux LPRng program.


A remote attacker can send a specially-crafted packet to the LPRng daemon on a target system to execute arbitrary code on the system.

Affected Products

Trustix Trustix Secure Linux 1.1
Trustix Trustix Secure Linux 1.0
SCO eServer 2.3
SCO eDesktop 2.4
RedHat Linux 7.0
Caldera OpenLinux eBuilder 3.0
Caldera OpenLinux Desktop 2.3

Impact

Attackers may execute arbitrary code with the privileges of the lpd process.


Recommended Actions

Upgrade the system to the latest non-vulnerable version.


CVE References

CVE-2000-0917