漏洞信息详情

多个供应商lpd漏洞

  • CNNVD编号:CNNVD-200001-026
  • 危害等级: 超危
  • CVE编号: CVE-2000-1221
  • 漏洞类型: 访问验证错误
  • 发布时间: 2000-01-08
  • 威胁类型: 远程
  • 更新时间: 2009-02-28
  • 厂        商: sgi
  • 漏洞来源: Vulnerability anno...

漏洞简介

多个Linux操作系统lpr包中的line printer daemon (lpd)通过对比本地机器的反向解析主机名和由gethostname返回的打印服务器的主机名进行认证。远程攻击者通过修改攻击IP的DNS绕过预定的访问控制。

漏洞公告

SGI has released a security advisory. The issue has been addressed in the latest version of IRIX. Fixes have also been made available. SGI has released a new security advisory which contains a patch which addresses problems encountered in the 4835 patch. Users are advised to apply the newly available patch as soon as possible. Download the fix from RedHat at: Red Hat Linux 6.x: Intel: ftp://updates.redhat.com/6.1/i386/lpr-0.48-1.i386.rpm Alpha: ftp://updates.redhat.com/6.1/alpha/lpr-0.48-1.alpha.rpm Sparc: ftp://updates.redhat.com/6.1/sparc/lpr-0.48-1.sparc.rpm Source packages: ftp://updates.redhat.com/6.1/SRPMS/lpr-0.48-1.src.rpm Red Hat Linux 5.x: Intel: ftp://updates.redhat.com/5.2/i386/lpr-0.48-0.5.2.i386.rpm Alpha: ftp://updates.redhat.com/5.2/alpha/lpr-0.48-0.5.2.alpha.rpm Sparc: ftp://updates.redhat.com/5.2/sparc/lpr-0.48-0.5.2.sparc.rpm Source packages: ftp://updates.redhat.com/5.2/SRPMS/lpr-0.48-0.5.2.src.rpm Red Hat Linux 4.x: Intel: ftp://updates.redhat.com/4.2/i386/lpr-0.48-0.4.2.i386.rpm Alpha: ftp://updates.redhat.com/4.2/alpha/lpr-0.48-0.4.2.alpha.rpm Sparc: ftp://updates.redhat.com/4.2/sparc/lpr-0.48-0.4.2.sparc.rpm Source packages: ftp://updates.redhat.com/4.2/SRPMS/lpr-0.48-0.4.2.src.rpm SGI IRIX 6.5

SGI IRIX 6.5.1 SGI IRIX 6.5.10 SGI IRIX 6.5.11 SGI IRIX 6.5.12 SGI IRIX 6.5.13 SGI IRIX 6.5.14 f SGI IRIX 6.5.14 m SGI IRIX 6.5.15 m SGI IRIX 6.5.15 f SGI IRIX 6.5.16 m SGI IRIX 6.5.16 f SGI IRIX 6.5.17 f SGI IRIX 6.5.17 m SGI IRIX 6.5.18 m SGI IRIX 6.5.18 f SGI IRIX 6.5.2 SGI IRIX 6.5.3 SGI IRIX 6.5.4 SGI IRIX 6.5.5 SGI IRIX 6.5.6 SGI IRIX 6.5.7 SGI IRIX 6.5.8 SGI IRIX 6.5.9

参考网址

来源:US-CERT Vulnerability Note: VU#30308 名称: VU#30308 链接:http://www.kb.cert.org/vuls/id/30308 来源: DEBIAN 名称: 20000109 lpr -- access control problem and root exploit 链接:http://www.debian.org/security/2000/20000109 来源: L0PHT 名称: 20000108 Quadruple Inverted Backflip 链接:http://www.atstake.com/research/advisories/2000/lpd_advisory.txt 来源: SGI 名称: 20021104-01-P 链接:ftp://patches.sgi.com/support/free/security/advisories/20021104-01-P 来源: XF 名称: redhat-lpd-auth(3840) 链接:http://xforce.iss.net/xforce/xfdb/3840 来源: BID 名称: 927 链接:http://www.securityfocus.com/bid/0927 来源: L0PHT 名称: 20000108 Quadruple Inverted Backflip 链接:http://www.atstake.com/research/advisories/2000/lpd_advisory.txt 来源: REDHAT 名称: RHSA-2000:002 链接:http://rhn.redhat.com/errata/RHSA-2000-002.html

补丁

    暂无

漏洞信息快速查询

相关漏洞

更多