Subject: Re: NetBSD Security Advisory 2001-018 Remote Buffer Overflow Vulnerability in LPD
To: None <security-officer@netbsd.org>
From: Perry E. Metzger <perry@wasabisystems.com>
List: current-users
Date: 11/23/2001 11:36:46
NetBSD Security Officer <security-officer@netbsd.org> writes:
> Quick workaround:
> If you are running /usr/sbin/lpd, and you do not need it, stop it.
> If you have /etc/hosts.lpd which is open to everyone, you will want to
> tighten the setup so that no malicious parties can access your
> remote printer.

You might have wanted to mention the "-s" flag to lpd, which would be
of use for many folks who would otherwise have to shut off lpd entirely.

Note that we have "-s" set in our default flags for lpd already, and
that the "-s" flag was added very very long ago.

Perry
--
Perry E. Metzger		perry@wasabisystems.com
--
NetBSD Development, Support & CDs. http://www.wasabisystems.com/