Notified: December 06, 2000 Updated: December 11, 2000
Not Affected
Apple has conducted an investigation and determined that Mac OS X Public Beta and Mac OS X Server do not use LPRng and are therefore not vulnerable to this exploitation.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: December 06, 2000 Updated: December 11, 2000
Not Affected
Compaq Tru64 UNIX S/W is not vulnerable.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: December 06, 2000 Updated: December 07, 2000
Affected
None available.
The vendor has not provided us with any further information regarding this vulnerability.
Please see: http://lists.debian.org/debian-security-0011/msg00212.html
Notified: December 06, 2000 Updated: December 11, 2000
Affected
FreeBSD does not include LPRng in the base system. Older versions of FreeBSD included a vulnerable version of LPRng in the Ports Collection but this was corrected almost 2 months ago, prior to the release of FreeBSD 4.2. See FreeBSD Security Advisory 00:56 (ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:56.lprng.asc) for more information.
The vendor has not provided us with any further information regarding this vulnerability.
While the default FreeBSD install is not vulnerable to this issue, users running the LPRng included in the Ports Collection prior to 4.2 should immediately upgrade to LPRng-3.6.25 in the latest sysutils package.
Notified: December 06, 2000 Updated: December 11, 2000
Not Affected
This does not apply to HP; HP does not ship LPRng on HP-UX.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: December 06, 2000 Updated: December 11, 2000
Not Affected
IBM's AIX operating system is not vulnerable to this security exploit.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: December 06, 2000 Updated: December 11, 2000
Not Affected
Microsoft doesn't use LPRng in any of its products, so no Microsoft products are affected by the vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: December 06, 2000 Updated: December 11, 2000
Affected
NetBSD does not include LPRng in the base system; however we do have a third-party package of LPRng-3.6.8 which is vulnerable. There's work underway to upgrade it to a non-vulnerable version.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: December 06, 2000 Updated: December 07, 2000
Not Affected
OpenBSD does not ship LPRng.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Updated: December 05, 2000
Affected
Patrick Powell is the author responsible for development of this version of LPRng. Extract from CHANGES in LPRng-3.6.25 distribution at: [ftp://ftp.astart.com/pub/LPRng/LPRng/LPRng-3.6.25.tgz]
Release LPRng 3.6.25 Tue Oct 3 09:19:11 PDT 2000
    syslog Compromise - modified syslog to use 'syslog(xx,"%s", msg).
    gettext Compromise - added the following to Initialize():
        if( getuid() == 0 || geteuid() == 0 ) unsetenv("NLSPATH");
    See the various CERT advisories. Sigh...
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
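The two changes named in the CHANGES extract above, shown as an added example that is not LPRng's own code: the message is passed as data to a constant "%s" format, and NLSPATH is dropped when the real or effective uid is root. The function names, the uid/euid parameters and the sample message are assumptions made for this illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <syslog.h>
#include <sys/types.h>
#include <unistd.h>

/* Count printf conversion directives in an untrusted message ("%%" is a
 * literal percent). A non-zero count is what the old call shape,
 * syslog(pri, msg), would have interpreted instead of logging verbatim. */
size_t count_directives(const char *msg)
{
    size_t n = 0;
    for (const char *p = msg; *p; p++) {
        if (*p != '%') continue;
        if (p[1] == '%') { p++; continue; }
        if (p[1] != '\0') n++;
    }
    return n;
}

/* Fixed call shape from the 3.6.25 entry: constant format, message as data. */
void log_untrusted(int pri, const char *msg) { syslog(pri, "%s", msg); }

/* Same shape through snprintf so the logged text can be inspected. */
int render_untrusted(char *out, size_t outlen, const char *msg)
{
    return snprintf(out, outlen, "%s", msg);
}

/* gettext change: unset NLSPATH for privileged processes. uid and euid are
 * parameters here (an assumption) so the check can be exercised without
 * root; the extract calls getuid()/geteuid(). Returns 1 if scrubbed. */
int scrub_nlspath(uid_t uid, uid_t euid)
{
    if (uid == 0 || euid == 0) { unsetenv("NLSPATH"); return 1; }
    return 0;
}

int main(void)
{
    const char *msg = "job from host %x%x%n"; /* constructed sample input */
    char buf[128];
    scrub_nlspath(getuid(), geteuid());
    render_untrusted(buf, sizeof buf, msg);
    printf("%zu directives, logged verbatim: %s\n", count_directives(msg), buf);
    log_untrusted(LOG_INFO, msg);
    return 0;
}
```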
Notified: September 26, 2000 Updated: January 27, 2003
Affected
LPRng Version 3.6.24 and earlier is vulnerable. See RHSA-2000:065 at: http://www.redhat.com/support/errata/RHSA-2000-065.html
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has received reports of this vulnerability being scanned for on systems installed with vulnerable versions of LPRng.
Notified: December 06, 2000 Updated: December 12, 2000
Not Affected
IRIX does not contain LPRng support.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Updated: December 05, 2000
Not Affected
SuSE is not vulnerable. Please see additional comments at: http://lists.suse.com/archives/suse-security/2000-Sep/0259.html
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Updated: December 05, 2000
Affected
See CSSA-2000-033.0 "format bug in LPRng" at: [http://www.calderasystems.com/support/security/advisories/CSSA-2000-033.0.txt]
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Updated: December 04, 2000
Affected
See Trustix Secure Linux updates at: [http://www.trustix.net/download/Trustix/updates/1.1/RPMS/LPRng-3.6.24-1tr.i586.rpm]
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.