Test ID:	1.3.6.1.4.1.25623.1.0.10522
Category:	Gain a shell remotely
Title:	LPRng malformed input
Summary:	Checks for a vulnerable version of LPRng
Description:	LPRng seems to be running. This daemon has a flaw (until version 3.6.24 at least) that would let anyone to remotely execute arbitrary commands on the server. *** Nessus could not remotely determine with certainty that the version of LPRng this machine is running is vulnerable or not. Solution: Make sure that you are running version 3.6.25 or newer and filter incoming connections to TCP port 515. Risk factor : High
Cross-Ref:	BugTraq ID: 1712 Common Vulnerability Exposure (CVE) ID: CVE-2000-0917 Bugtraq: 20000925 Format strings: bug #2: LPRng (Google Search) http://archives.neohapsis.com/archives/bugtraq/2000-09/0293.html http://www.cert.org/advisories/CA-2000-22.html Caldera Security Advisory: CSSA-2000-033.0 http://www.calderasystems.com/support/security/advisories/CSSA-2000-033.0.txt http://www.redhat.com/support/errata/RHSA-2000-065.html FreeBSD Security Advisory: FreeBSD-SA-00:56 ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:56.lprng.asc XForce ISS Database: lprng-format-string http://xforce.iss.net/static/5287.php http://www.securityfocus.com/bid/1712
Copyright	This script is Copyright (C) 2000 Renaud Deraison

This is only one of 32582 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.

New User Registration Email: UserID: Passwd: Please email me your monthly newsletters, informing the latest services, improvements & surveys. Please email me a vulnerability test announcement whenever a new test is added.     Privacy

Registered User Login   UserID:     Passwd:     Forgot userid or passwd? Email/Userid: