BSDI Information for VU#274043
BSD Line Printer Daemon vulnerable to buffer overflow via crafted print request
- Vendor Information Help Date Notified:
- Statement Date:
- Date Updated: 06 Sep 2001
The current (BSD/OS 4.2) release is not vulnerable. Systems are only vulnerable to attack from hosts which are allowed via the /etc/hosts.lpd file (which is empty as shipped).
BSD/OS 4.1 is the only vulnerable version which is still officially supported by Wind River Systems. A patch (M410-044) is available in the normal locations, ftp://ftp.bsdi.com/bsdi/patches or via our web site at http://www.bsdi.com/support
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.