Red Hat Inc. Information for VU#382365
LPRng can pass user-supplied input as a format string parameter to syslog() calls
- Vendor Information Help Date Notified: 26 Sep 2000
- Statement Date:
- Date Updated: 27 Jan 2003
LPRng Version 3.6.24 and earlier is vulnerable. See RHSA-2000:065 at:
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has recieved reports of this vulnerability being scanned for on systems installed with vulnerable versions of LPRng.