Subject: Re: lpd problems ...
To: Phil Nelson <phil@steelhead.cs.wwu.edu>
From: Berndt Josef Wulf <wulf@ping.net.au>
List: netbsd-help
Date: 03/04/1997 18:17:23
Operating System: NetBSD 1.2 alpha
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Content-Length: 1520      

Phil Nelson wrote
> 
> 
> I am running NetBSD/i386 1.2 on a machine providing network printing.
> (It has the printer and other machines send their jobs to it.)
> 
> Recently it has started having lpd run many, many copies of lpd to the
> point where the machine quits responding.
> 
> Has anyone seen this happen before?
> 

G'day,

I found this yesterday in one of my subscribed newsgroups which may be
related...

cheerio Berndt


-------------------------------- snip ------------------------------

Mon, 03 Mar 1997 08:17:10    apana.lists.os.netbsd.general    Thread 31 of 38
Lines 70    Security hole in lpr    1 Response
< rickb@iaw.on.ca    Rick Byers at APANA mail-news gateway
<
< Hi There,
< I just caught someone trying to exploit a hole in lpr on our NetBSD 1.2
< machine.  I've got the source code of what he was trying, but I don't want
< to post it in case it gets into the wrong hands...
<
< Basically, he was utilizing a buffer overflow in lpr by calling
< lpr -C bigbuf
<
< where bigbuf was a string that would eventually cause a root shell to get
< called.  As far as I can tell (accounting logs) he was NOT successful.
< I tried it on my machine at home, and it just said "unknown printer". I've
< just been looking at the source code though, and here is where I've
< narrowed it down to:

-------------------------------- snip ------------------------------

-- 
Name	: Berndt Josef Wulf
E-Mail	: wulf@ping.net.au
Sysinfo	: DEC AXPpci33+, NetBSD-1.2