FBI warning over Unix loophole

The Federal Bureau of Investigation today warned Unix users of a potential security loophole that could allow malicious hackers to take control of their computer systems.

By Chris Holbrook, 2 May 2001 09:43

The problem arises from a vulnerability in a program called 'lpd/LPRng', which controls printer requests across a Unix network, coupled with Sun Microsystems' remote procedure call software, which allows networks to communicate with each other. The defect, known as a format string vulnerability, may allow unauthorised remote users to execute arbitrary code on a machine or start a denial-of-service attack on the vulnerable system.

The FBI's cybercrime unit, the National Infrastructure Protection Centre (NIPC), raised the alarm after it noticed a significant increase in attempts to take advantage of the flaw through the popular platform.

According to the NIPC, the solution is to upgrade to the non-vulnerable version of LPRng, disallow access to the printer service port 515/tcp, or employ packet-filtering technology such as a firewall.

For more details on this security hole, visit http://www.kb.cert.org/vuls/id/382365
