LPRng use_syslog Remote Format String Vulnerability

vendor:

LPRng

by:

jduck

7.5

CVSS

HIGH

Format String Vulnerability

134

CWE

Product Name: LPRng

Affected Version From: Unknown

Affected Version To: Unknown

Patch Exists: YES

Related CWE: CVE-2000-0917

CPE: a:lprng_project:lprng

Metasploit:

Other Scripts:

Platforms Tested: Linux

2000

LPRng use_syslog Remote Format String Vulnerability

This module exploits a format string vulnerability in the LPRng print server. This vulnerability was discovered by Chris Evans. There was a publicly circulating worm targeting this vulnerability, which prompted RedHat to pull their 7.0 release. They consequently re-released it as '7.0-respin'.

Mitigation:

Apply the necessary security patches provided by the vendor.

Source

LPRng use_syslog Remote Format String Vulnerability

Mitigation:

Exploit-DB raw data: