Notified: December 06, 2000 Updated: December 11, 2000
FreeBSD does not include LPRng in the base system. Older versions of FreeBSD included a vulnerable version of LPRng in the Ports
Collection but this was corrected almost 2 months ago, prior to the release of FreeBSD 4.2. See FreeBSD Security Advisory 00:56 (ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:56.lprng.asc) for more information.
The vendor has not provided us with any further information regarding this vulnerability.
While the default FreeBSD install is not vulnerable to this issue, users runnning the LPRng included the Ports Collections prior to 4.2 should immediately upgrade to the LPRng-3.6.25 in the latest sysutils package.