Synthetic data for lpr were collected at UNM on Sun SPARCstations
running unpatched SunOS 4.1.4 with the included lpr.
We used strace to collect the data. Experiments on this data
are reported in our Journal of Computer Security
Use the original SunOS mapping file for these traces.
lprcp intrusion: The lprcp attack script uses lpr to replace the
of an arbitrary file with those of another. This attack exploits the
fact that older versions of lpr use only 1000 different names for
printer queue files, and they do not remove the old queue files before
reusing them. The attack produces 1001 traces. In the first trace,
lpr places a symbolic link to the victim file in the queue. The
middle traces advance lpr's counter, until on the last trace,
the victim file can be overwritten with the attacker's own material.
8LGM Advisory: look for [8lgm]-advisory-3.unix.lpr.19-aug-1991.
intrusion trace data