rlpr Format String and Buffer Overflow Let Remote Users Execute Arbitrary Code and Local Users Gain Root Privileges - SecurityTracker

	Keep Track of the Latest Vulnerabilities with SecurityTracker!

Home | View Topics | Search | Contact Us |

SecurityTracker
Archives

Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary

Instant Alerts

Buy our Premium Vulnerability Notification Service to receive customized, instant alerts

Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!

Become a Partner and License Our Database or Notification Service

Report a Bug

Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com

Category: Application (Generic) > rlpr

Vendors: Memishian, Peter

rlpr Format String and Buffer Overflow Let Remote Users Execute Arbitrary Code and Local Users Gain Root Privileges

SecurityTracker Alert ID: 1010545

SecurityTracker URL: http://securitytracker.com/id/1010545

CVE Reference: CAN-2004-0393, CAN-2004-0454 (Links to External Site)

Date: Jun 20 2004

Impact: Execution of arbitrary code via local system, Execution of arbitrary code via network, Root access via local system, User access via network

Version(s): 2.04

Description: Some vulnerabilities were reported in rlpr. A remote user can execute arbitrary code on the target system. A local user can gain root privileges.

Debian reported that jaguar@felinemenace.org discovered a format string vulnerability in rlpr in the msg() function due to a syslog(3) call made without the proper format string specifier [CVE: CAN-2004-0393].

Debian also reported that a buffer overflow was discovered in the msg() function when the above mentioned format string flaw was being investigated [CVE: CAN-2004-0454].

A remote user can execute arbitrary code with the privileges of the rlprd process. A local user can execute arbitrary code with root privileges.

Impact: A remote user can execute arbitrary code with the privileges of the rlprd process.

A local user can execute arbitrary code with root privileges.

Solution: No upstream solution was available at the time of this entry.

Vendor URL: truffula.com/rlpr/ (Links to External Site)

Cause: Boundary error, Input validation error, State error

Underlying OS: Linux (Any), UNIX (Any)

Message History: This archive entry has one or more follow-up message(s) listed below.

Jun 20 2004	(Debian Issues Fix) rlpr Format String and Buffer Overflow Let Remote Users Execute Arbitrary Code and Local Users Gain Root Privileges (Matt Zimmerman <mdz@debian.org>) Debian has released a fix.
Jun 25 2004	(Exploit is Available) rlpr Format String and Buffer Overflow Let Remote Users Execute Arbitrary Code and Local Users Gain Root Privileges (jaguar@felinemenace.org) Some demonstration exploit code is available.

Source Message Contents

Date: Sun, 20 Jun 2004 01:38:47 -0400
Subject: CAN-2004-0393, CAN-2004-0454


CVE: CAN-2004-0393, CAN-2004-0454

Debian reported that jaguar@felinemenace.org discovered a format string vulnerability in 
rlpr in the msg() function due to a syslog(3) call made without the proper format string 
specifier [CVE: CAN-2004-0393].

Debian also reported that a buffer overflow was discovered in the msg() function when the 
above mentioned format string flaw was being investigated [CVE: CAN-2004-0454].

A remote user can execute arbitrary code with the privileges of the rlprd process.  A 
local user can execute arbitrary code with root privileges.

Go to the Top of This SecurityTracker Archive Page

Home | View Topics | Search | Contact Us
Copyright 2013, SecurityGlobal.net LLC