多个供应商lpd漏洞

4年前更新

2080

漏洞信息详情

多个供应商lpd漏洞

CNNVD编号：CNNVD-200001-026

危害等级：超危
CVE编号：
CVE-2000-1221
漏洞类型：

访问验证错误
发布时间：

2000-01-08
威胁类型：

远程
更新时间：

2009-02-28
厂商：

sgi
漏洞来源：
Vulnerability anno…

漏洞简介

多个Linux操作系统lpr包中的line printer daemon (lpd)通过对比本地机器的反向解析主机名和由gethostname返回的打印服务器的主机名进行认证。远程攻击者通过修改攻击IP的DNS绕过预定的访问控制。

漏洞公告

SGI has released a security advisory. The issue has been addressed in the latest version of IRIX. Fixes have also been made available.
SGI has released a new security advisory which contains a patch which addresses problems encountered in the 4835 patch. Users are advised to apply the newly available patch as soon as possible.
Download the fix from RedHat at:
Red Hat Linux 6.x:
Intel:
ftp://updates.redhat.com/6.1/i386/lpr-0.48-1.i386.rpm
Alpha:
ftp://updates.redhat.com/6.1/alpha/lpr-0.48-1.alpha.rpm
Sparc:
ftp://updates.redhat.com/6.1/sparc/lpr-0.48-1.sparc.rpm
Source packages:
ftp://updates.redhat.com/6.1/SRPMS/lpr-0.48-1.src.rpm
Red Hat Linux 5.x:
Intel:
ftp://updates.redhat.com/5.2/i386/lpr-0.48-0.5.2.i386.rpm
Alpha:
ftp://updates.redhat.com/5.2/alpha/lpr-0.48-0.5.2.alpha.rpm
Sparc:
ftp://updates.redhat.com/5.2/sparc/lpr-0.48-0.5.2.sparc.rpm
Source packages:
ftp://updates.redhat.com/5.2/SRPMS/lpr-0.48-0.5.2.src.rpm
Red Hat Linux 4.x:
Intel:
ftp://updates.redhat.com/4.2/i386/lpr-0.48-0.4.2.i386.rpm
Alpha:
ftp://updates.redhat.com/4.2/alpha/lpr-0.48-0.4.2.alpha.rpm
Sparc:
ftp://updates.redhat.com/4.2/sparc/lpr-0.48-0.4.2.sparc.rpm
Source packages:
ftp://updates.redhat.com/4.2/SRPMS/lpr-0.48-0.4.2.src.rpm
SGI IRIX 6.5

SGI IRIX 6.5.19
www.sgi.com

SGI IRIX 6.5.1

SGI IRIX 6.5.19
www.sgi.com

SGI IRIX 6.5.10

SGI IRIX 6.5.19
www.sgi.com

SGI IRIX 6.5.11

SGI IRIX 6.5.19
www.sgi.com

SGI IRIX 6.5.12

SGI IRIX 6.5.19
www.sgi.com

SGI IRIX 6.5.13

SGI IRIX 6.5.19
www.sgi.com

SGI IRIX 6.5.14 f

SGI patch4835.tar
ftp://patches.sgi.com/support/free/security/patches/
SGI IRIX 6.5.19
www.sgi.com

SGI IRIX 6.5.14 m

SGI patch4835.tar
ftp://patches.sgi.com/support/free/security/patches/
SGI IRIX 6.5.19
www.sgi.com

SGI IRIX 6.5.15 m

SGI patch4835.tar
ftp://patches.sgi.com/support/free/security/patches/
SGI IRIX 6.5.19
www.sgi.com

SGI IRIX 6.5.15 f

SGI patch4835.tar
ftp://patches.sgi.com/support/free/security/patches/
SGI IRIX 6.5.19
www.sgi.com

SGI IRIX 6.5.16 m

SGI patch4835.tar
ftp://patches.sgi.com/support/free/security/patches/
SGI IRIX 6.5.19
www.sgi.com

SGI IRIX 6.5.16 f

SGI patch4835.tar
ftp://patches.sgi.com/support/free/security/patches/
SGI IRIX 6.5.19
www.sgi.com

SGI IRIX 6.5.17 f

SGI patch4835.tar
ftp://patches.sgi.com/support/free/security/patches/
SGI IRIX 6.5.19
www.sgi.com

SGI IRIX 6.5.17 m

SGI patch4835.tar
ftp://patches.sgi.com/support/free/security/patches/
SGI IRIX 6.5.19
www.sgi.com

SGI IRIX 6.5.18 m

SGI patch4835.tar
ftp://patches.sgi.com/support/free/security/patches/
SGI IRIX 6.5.19
www.sgi.com

SGI IRIX 6.5.18 f

SGI patch4835.tar
ftp://patches.sgi.com/support/free/security/patches/
SGI IRIX 6.5.19
www.sgi.com

SGI IRIX 6.5.2

SGI IRIX 6.5.19
www.sgi.com

SGI IRIX 6.5.3

SGI IRIX 6.5.19
www.sgi.com

SGI IRIX 6.5.4

SGI IRIX 6.5.19
www.sgi.com

SGI IRIX 6.5.5

SGI IRIX 6.5.19
www.sgi.com

SGI IRIX 6.5.6

SGI IRIX 6.5.19
www.sgi.com

SGI IRIX 6.5.7

SGI IRIX 6.5.19
www.sgi.com

SGI IRIX 6.5.8

SGI IRIX 6.5.19
www.sgi.com

SGI IRIX 6.5.9

SGI IRIX 6.5.19
www.sgi.com

参考网址

来源:US-CERT Vulnerability Note: VU#30308
名称: VU#30308
链接:http://www.kb.cert.org/vuls/id/30308

来源: DEBIAN
名称: 20000109 lpr — access control problem and root exploit
链接:http://www.debian.org/security/2000/20000109

来源: L0PHT
名称: 20000108 Quadruple Inverted Backflip
链接:http://www.atstake.com/research/advisories/2000/lpd_advisory.txt

来源: SGI
名称: 20021104-01-P
链接:ftp://patches.sgi.com/support/free/security/advisories/20021104-01-P

来源: XF
名称: redhat-lpd-auth(3840)
链接:http://xforce.iss.net/xforce/xfdb/3840

来源: BID
名称: 927
链接:http://www.securityfocus.com/bid/0927

来源: L0PHT
名称: 20000108 Quadruple Inverted Backflip
链接:http://www.atstake.com/research/advisories/2000/lpd_advisory.txt

来源: REDHAT
名称: RHSA-2000:002
链接:http://rhn.redhat.com/errata/RHSA-2000-002.html

受影响实体

Sgi Irix:6.5
Sgi Irix:6.5.1
Sgi Irix:6.5.10
Sgi Irix:6.5.11
Sgi Irix:6.5.12

© 版权声明

文章版权归作者所有，未经允许请勿转载。

THE END

喜欢就支持一下吧

相关推荐