Red Hat Inc. Information for VU#382365

LPRng can pass user-supplied input as a format string parameter to syslog() calls



Vendor Statement

LPRng Version 3.6.24 and earlier is vulnerable. See RHSA-2000:065 at:

    Vendor Information

    The vendor has not provided us with any further information regarding this vulnerability.

    Vendor References



    The CERT/CC has recieved reports of this vulnerability being scanned for on systems installed with vulnerable versions of LPRng.

    If you have feedback, comments, or additional information about this vulnerability, please send us email.