Subject: NetBSD Security Advisory 2001-018 Remote Buffer Overflow Vulnerability in LPD
To: None <,>
From: NetBSD Security Officer <>
List: current-users
Date: 11/22/2001 11:47:47

                 NetBSD Security Advisory 2001-018

Topic:		Remote Buffer Overflow Vulnerability in BSD Line Printer Daemon

Version:	NetBSD-current: prior to August 28, 2001
		NetBSD-1.5.2:	affected
		NetBSD-1.5.1:	affected
		NetBSD-1.5:	affected
		NetBSD-1.4.*:	affected

Severity:	Remote root compromise from any host which can connect to lpd(8)

Fixed:		NetBSD-current:		August 28, 2001
		NetBSD-1.5 branch:	September 30, 2001
		NetBSD-1.4 branch: 	not yet


There is an remotely exploitable buffer overrun in the printer daemon,

Technical Details

Solutions and Workarounds

NetBSD 1.3 and later install with lpd disabled by default.  A system is
vulnerable to this security hole only if it is running /usr/sbin/lpd,
and access to lpd is allowed by entries in /etc/hosts.lpd.  Updating
the binary for safety is recommended.

Quick workaround:
If you are running /usr/sbin/lpd, and you do not need it, stop it.
If you have /etc/hosts.lpd which is open to everyone, you will want to
tighten the setup so that no malicious parties can access your remote printer.


* NetBSD -current, 1.5, 1.5.1, 1.5.2:

	Systems running NetBSD-current dated from before 2001-08-28
	should be upgraded to NetBSD-current dated 2001-08-28 or later.

	Systems running NetBSD 1.5, 1.5.1 or 1.5.2 dated from before
	2001-09-30 should be upgraded to NetBSD-1.5 branch sources dated
	2001-09-30 or later.

	The following directory needs to be updated from the
	netbsd-current CVS branch (aka HEAD) for NetBSD-current,
	or netbsd-1-5 CVS branch for NetBSD 1.5, 1.5.1 or 1.5.2:

	To update from CVS, re-build, and re-install lpd(8):
		# cd src/usr.sbin/lpr
		# cvs update -d -P
		# make cleandir dependall install

	Alternatively, apply the following patch (with potential offset
	differences) and rebuild & re-install lpd(8):

	To patch, re-build and re-install lpd(8):
		# cd src/usr.sbin/lpr/common_sources
		# patch < /path/to/SA2001-012-lpd.patch
		# make cleandir dependall install

* NetBSD 1.4, 1.4.x:

	Systems running NetBSD-1.4.x releases should apply the following
	patch (with potential offset differences):

	To patch, re-build and re-install lpd(8):
		# cd src/usr.sbin/lpr/common_sources
		# patch < /path/to/SA2001-012-lpd.patch
		# make cleandir dependall install

	The anonymous CVS branch netbsd-1-4 should be updated with a
	fix in the near future.

Thanks To

Jun-ichiro Hagino for the original patches to -current, from a fix in

Revision History

	2001-11-22      Initial release

More Information

An up-to-date PGP signed copy of this release will be maintained at

Information about NetBSD and NetBSD security can be found at
http://www.NetBSD.ORG/ and http://www.NetBSD.ORG/Security/.

Copyright 2001, The NetBSD Foundation, Inc.  All Rights Reserved.

$NetBSD: NetBSD-SA2001-018.txt,v 1.6 2001/11/22 15:21:45 david Exp $

Version: GnuPG v1.0.6 (NetBSD)
Comment: For info see