漏洞信息详情

S.u.S.E. 5.2 lpc漏洞

• CNNVD编号：CNNVD-199902-008
• 危害等级： 高危
  
• CVE编号： CVE-1999-0363
• 漏洞类型： 缓冲区溢出
• 发布时间： 1999-02-02
• 威胁类型： 本地
• 更新时间： 2005-05-02
• 厂        商： plp
• 漏洞来源： on Feb 3, 1999.');">First posted to Bu...

漏洞简介

SuSE 5.2 PLP lpc程序存在漏洞。该程序存在缓冲区溢出，导致根妥协。

漏洞公告

There is an alternative lpc suite that can be used, or the patch below. lpr, the alternative to lpc, is included in the S.u.S.E. 5.2 source library in the form of lpr-tlr-971016.tar.gz (or newer). If you wish to continue using the vulnerable version of lpc, apply the following patch: --- /usr/src/packages/SOURCES/origplp/plp-4.0.3/src/common/control_ops.c Thu Jun 15 14:09:12 1995 +++ /usr/src/packages/SOURCES/newplp/plp-4.0.3/src/common/control_ops.c Wed Feb 3 12:36:17 1999 @@ -676,7 +676,7 @@ att_mark = False; if ((afp = fopen_daemon (Attach_file, "r"))) { /* Try to open attach file */ - if (fscanf (afp, "%s", afname) == 1) { + if (fgets (afname, sizeof(afname), afp) != NULL) { if (strsame (afname, Printer)) { fatal (XLOG_INFO, "Printer '%s' attached to itself", Printer); } @@ -1622,7 +1622,7 @@ if ((s = C_abort ())) { if (stat (Attach_file, &statb) == 0) { if ((afp = fopen_daemon (Attach_file, "r"))) { - if (fscanf (afp, "%s", afname) != 1) { + if (fgets (afname, sizeof(afname), afp) != NULL) { fatal (XLOG_INFO, "attach file for printer %s corrupted!", Printer); } --- /usr/src/packages/SOURCES/origplp/plp-4.0.3/src/common/displayq.c Tue Aug 29 12:44:35 1995 +++ /usr/src/packages/SOURCES/newplp/plp-4.0.3/src/common/displayq.c Wed Feb 3 12:35:37 1999 @@ -99,7 +99,7 @@ * check to see if attached to another printerq, alter printer if attached */ if (Attach_file && *Attach_file && ((afp = fopen (Attach_file, "r")))) { - if (fscanf (afp, "%s", afname) == 1) { + if (fgets (afname, sizeof(afname), afp) != NULL) { if (strsame (afname, Printer)) { fatal (XLOG_INFO, "Printer '%s' attached to itself", Printer); }

参考网址

来源: BID 名称: 328 链接:http://www.securityfocus.com/bid/328

受影响实体

• Plp Line_printer_control  

补丁

暂无