Re: Strange errors in /var/log/messages

Date: Mon Jul 02 2001 - 14:51:44 EST

On Mon, 2 Jul 2001, Guest section DW wrote:

> On Mon, Jul 02, 2001 at 05:16:23PM +0100, Alan Cox wrote:
> > > I'm running RedHat 7.0 with all official RH patches applied. The kernel I
> > > currently run fow a few days is 2.2.19-7.0.8
> > > I run the pre-compiled kernel of RH. Suddenly I the following messages:
> > >
> > > Jul 2 15:12:16 gateway SERVER[1240]: Dispatch_input: bad request line
> > > 00$nsecurity.%301$n%302$n%.192u%303$n\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\22
> > These are for an application. Not sure which or why
> See CERT Advisory CA-2000-22
> "A popular replacement software package to the BSD lpd printing service
> called LPRng contains at least one software defect, known as a "format string
> vulnerability," which may allow remote users to execute arbitrary code on
> vulnerable systems."

I just read the article. It seems somebody tried to exploid a bug in
LPRng. Unfortunately I didn't check the TCP/IP connections at the time of
attack (with netstat), so I couldn't tell who was connected to port 515.
The article suggest upgrading to 3.6.25. I'm currenlty running 3.7.4-23.
I assume I'm not vulnerable, but those 'errors' in the logfile really
scared the heck out of me! :) To be certain, I just blocked poort 515 for
outbound connections. :)

Bye the way, sorry this message was off-topic, but I didn't know it was a
LPRng issue, not a kernel issue.


To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to
More majordomo info at
Please read the FAQ at

This archive was generated by hypermail 2b29 : Sat Jul 07 2001 - 21:00:10 EST