Info

Disclosure

Jun 19, 2004

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

A remote/local overflow exists in rlpr. The msg() function fails to properly check bounds resulting in a buffer overflow. With a specially crafted request, an attacker can execute arbitrary code with the privileges of either the rlprd process or root, resulting in a loss of integrity.

Classification

Location: Local Access Required, Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Unknown
Disclosure: OSVDB Verified

Solution

Upgrade to version 2.05 or higher, as it has been reported to fix this vulnerability. In addition, Debian has released a patch to address this vulnerability.

Products

rlpr	rlpr	2.00
		2.01
		2.02
		2.03
		2.04

References

Secunia Advisory ID: 11906 11907
CVE ID: 2004-0454 (see also: NVD)
Related OSVDB ID: 7195
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2004-06/0626.html
Vendor URL: http://truffula.com/rlpr/
Other Advisory URL: http://www.debian.org/security/2004/dsa-524

Credit

Jaguar - jaguarfelinemenace.org -

Direct URL: http://osvdb.org/36218