Red Hat Inc. Information for VU#382365

LPRng can pass user-supplied input as a format string parameter to syslog() calls

Status

Affected

Vendor Statement

LPRng Version 3.6.24 and earlier is vulnerable. See RHSA-2000:065 at:

    http://www.redhat.com/support/errata/RHSA-2000-065.html

    Vendor Information

    The vendor has not provided us with any further information regarding this vulnerability.

    Vendor References

    None

    Addendum

    The CERT/CC has recieved reports of this vulnerability being scanned for on systems installed with vulnerable versions of LPRng.

    If you have feedback, comments, or additional information about this vulnerability, please send us email.