BSDI Information for VU#274043

BSD Line Printer Daemon vulnerable to buffer overflow via crafted print request

Status

Affected

Vendor Statement

The current (BSD/OS 4.2) release is not vulnerable. Systems are only vulnerable to attack from hosts which are allowed via the /etc/hosts.lpd file (which is empty as shipped).

BSD/OS 4.1 is the only vulnerable version which is still officially supported by Wind River Systems. A patch (M410-044) is available in the normal locations, ftp://ftp.bsdi.com/bsdi/patches or via our web site at http://www.bsdi.com/support

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

None

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.