Subject: Re: [Fwd: ISS Advisory: Remote Buffer Overflow Vulnerability in BSD
To: Emre Yildirim <emre@asper.org>
From: Rick Kelly <rmk@toad.rmkhome.com>
List: netbsd-users
Date: 08/29/2001 18:33:17
Emre Yildirim said:
>Is the 1.5X snapshot vulnerable to this?
>Remote Buffer Overflow Vulnerability in BSD Line Printer Daemon
>NetBSD 1.5.1 and earlier
On my boxes that need to print, I made sure they are all running
"lpd -s", which doesn't listen on the printer port and only uses
UNIX domain sockets.
On my print server, I set up a couple of ipf rules:
#
# Block print requests from the internet
# Allow print requests from rmkhome.com domain
#
block in log on ex0 proto tcp from any to any port = 515
pass in quick on ex0 proto tcp from 216.17.154.224/27 to any port = 515
--
Rick Kelly rmk@rmkhome.com www.rmkhome.com