Subject: Re: NetBSD Security Advisory 2001-018 Remote Buffer Overflow Vulnerability
To: Perry E. Metzger <perry@wasabisystems.com>
From: Rick Kelly <rmk@toad.rmkhome.com>
List: tech-security
Date: 11/23/2001 14:04:43
Perry E. Metzger said:

>You might have wanted to mention the "-s" flag to lpd, which would be
>of use for many folks who would otherwise have to shut off lpd entirely.
>
>Note that we have "-s" set in our default flags for lpd already, and
>that the "-s" flag was added very very long ago.

All my 1.5.x and current machines are up to date, but I still have a few
1.4.x machines, including my printer spooling box. What I do is use
ipfilter to block connections to port 515 on my printer spooler and use
'lpd -s' on the other 1.4.x boxes.

-- 
Rick Kelly  rmk@rmkhome.com  www.rmkhome.com