VULHUB ™

Two security vulnerabilities exist in the lpd (line printer daemon) shipped with the lpr package. First, authentication was not thorough enough. If a remote user was able to control their own DNS so that their IP address resolved to the hostname of the print server, access would be granted, when it should not be. Secondly, it was possible in the control file of a print job to specify arguments to sendmail. Through careful manipulation of control and data files, this could cause sendmail to be executed with a user-specified configuration file. This could lead very easily to a root compromise.

Two security vulnerabilities exist in the lpd (line printer daemon) shipped with the lpr package. First, authentication was not thorough enough. If a remote user was able to control their own DNS so that their IP address resolved to the hostname of the print server, access would be granted, when it should not be. Secondly, it was possible in the control file of a print job to specify arguments to sendmail. Through careful manipulation of control and data files, this could cause sendmail to be executed with a user-specified configuration file. This could lead very easily to a root compromise.