Vulnerabilities > CVE-2002-0378 - Remote Print Submission vulnerability in Astart Technologies Lprng 3.7.4/3.8.9
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
The default configuration of LPRng print spooler in Red Hat Linux 7.0 through 7.3, Mandrake 8.1 and 8.2, and other operating systems, accepts print jobs from arbitrary remote hosts.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | 2 |
Nessus
NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2002-120.NASL description The LPRng print spooler, as shipped in Red Hat Linux Advanced Server 2.1, accepts all remote print jobs by default. Updated LPRng packages are available to fix this issue. With its default configuration, LPRng will accept job submissions from any host, which is not appropriate in a workstation environment. We are grateful to Matthew Caron for pointing out this configuration problem. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2002-0378 to this issue. The updated packages from this advisory change the job submission policy (in /etc/lpd.perms) so that jobs from remote hosts are refused by default. Those running print servers may want to adjust this policy as appropriate, for example to give access to certain hosts or subnets. For details on how to do this, see the lpd.perms(5) man page. Please note that default installations of Red Hat Linux Advanced Server 2.1 include ipchains rules blocking remote access to the print spooler IP port; as a result those installations already reject remote job submissions. NOTE: There are special instructions for installing this update at the end of the last seen 2020-06-01 modified 2020-06-02 plugin id 12631 published 2004-07-06 reporter This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/12631 title RHEL 2.1 : LPRng (RHSA-2002:120) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2002:120. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(12631); script_version ("1.20"); script_cvs_date("Date: 2019/10/25 13:36:09"); script_cve_id("CVE-2002-0378"); script_xref(name:"RHSA", value:"2002:120"); script_name(english:"RHEL 2.1 : LPRng (RHSA-2002:120)"); script_summary(english:"Checks the rpm output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing a security update." ); script_set_attribute( attribute:"description", value: "The LPRng print spooler, as shipped in Red Hat Linux Advanced Server 2.1, accepts all remote print jobs by default. Updated LPRng packages are available to fix this issue. With its default configuration, LPRng will accept job submissions from any host, which is not appropriate in a workstation environment. We are grateful to Matthew Caron for pointing out this configuration problem. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2002-0378 to this issue. The updated packages from this advisory change the job submission policy (in /etc/lpd.perms) so that jobs from remote hosts are refused by default. Those running print servers may want to adjust this policy as appropriate, for example to give access to certain hosts or subnets. For details on how to do this, see the lpd.perms(5) man page. Please note that default installations of Red Hat Linux Advanced Server 2.1 include ipchains rules blocking remote access to the print spooler IP port; as a result those installations already reject remote job submissions. NOTE: There are special instructions for installing this update at the end of the 'Solution' section." ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2002-0378" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2002:120" ); script_set_attribute(attribute:"solution", value:"Update the affected LPRng package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:LPRng"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:2.1"); script_set_attribute(attribute:"vuln_publication_date", value:"2002/07/03"); script_set_attribute(attribute:"patch_publication_date", value:"2002/08/09"); script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/06"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^2\.1([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 2.1", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); if (cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i386", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2002:120"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"LPRng-3.7.4-28.1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "LPRng"); } }
NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2002-042.NASL description Matthew Caron pointed out that using the LPRng default configuration, the lpd daemon will accept job submissions from any remote host. These updated LPRng packages modify the job submission policy in /etc/lpd.perms to refuse print jobs from remote hosts by default. last seen 2020-06-01 modified 2020-06-02 plugin id 13946 published 2004-07-31 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/13946 title Mandrake Linux Security Advisory : LPRng (MDKSA-2002:042) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Mandrake Linux Security Advisory MDKSA-2002:042. # The text itself is copyright (C) Mandriva S.A. # include("compat.inc"); if (description) { script_id(13946); script_version ("1.17"); script_cvs_date("Date: 2019/08/02 13:32:46"); script_cve_id("CVE-2002-0378"); script_xref(name:"MDKSA", value:"2002:042"); script_name(english:"Mandrake Linux Security Advisory : LPRng (MDKSA-2002:042)"); script_summary(english:"Checks rpm output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Mandrake Linux host is missing a security update." ); script_set_attribute( attribute:"description", value: "Matthew Caron pointed out that using the LPRng default configuration, the lpd daemon will accept job submissions from any remote host. These updated LPRng packages modify the job submission policy in /etc/lpd.perms to refuse print jobs from remote hosts by default." ); script_set_attribute(attribute:"solution", value:"Update the affected LPRng package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:LPRng"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:8.1"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:8.2"); script_set_attribute(attribute:"patch_publication_date", value:"2002/07/04"); script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/31"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc."); script_family(english:"Mandriva Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux"); if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu); flag = 0; if (rpm_check(release:"MDK8.1", cpu:"i386", reference:"LPRng-3.7.4-7.1mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"LPRng-3.8.6-2.1mdk", yank:"mdk")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
Redhat
advisories |
|