LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Sponsored link

Vyatta – Linux & Open Source Alternative to Cisco – Advanced Routing, Firewall, VPN, QoS..
Free Download ->

Recent Features

Plugging into GCC

LWN.net Weekly Edition for October 2, 2008

Ubuntu debuts its Upstream Report

openSUSE and the distribution of proprietary software

LPC: What's happening with webcams

Printable page
Weekly edition Kernel Security Distributions Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ

Buffer overflow and format string vulnerabilities in ipppd

Package(s):i4l CVE #(s):
Created:August 14, 2002 Updated:August 14, 2002
Description: The ipppd program, in the i4l package, has various buffer overflows and format string bugs. Since ipppd is installed setuid to root, attackers with appropriate group membership may be able to execute arbitrary commands as root. The i4l package for ISDN connectivity is installed by default in at least one distribution; you are vulnerable even if you do not have an ISDN connection.

The SuSE Security Team is aware of a published exploit for ipppd that gives a local attacker root privileges so you should either update the package or remove the setuid bit from ipppd.
Alerts:
SuSE SuSE-SA:2002:030 2002-08-12
(Log in to post comments)

Copyright © 2008, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds