rpcclient command has a format string bug.

$ grep % /etc/hosts
127.0.0.1 test%n%n%n%n
$ rpcclient -c "printercmp a b" "test%n%n%n%n"
Password:
Segmentation fault

In cmd_spoolss_printercmp()
rpcclient/cmd_spoolss.c:2619
fstr_sprintf( servername1, cli->cli->desthost );

Should use fstrcpy().

I think this is not a security issue. This command is not setuid.

Pushed, thanks! Volker
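
The difference between the two calls named in the report, as an added example that is not part of the original report or of the Samba source. demo_fstr_sprintf() and demo_fstrcpy() are hypothetical stand-ins for fstr_sprintf() and fstrcpy(), the 256-byte buffer size is an assumption, and the host name is a constructed sample that uses only the %% directive, which is well defined without extra arguments.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define DEMO_FSTRING_LEN 256            /* assumed size of an fstring buffer */
typedef char demo_fstring[DEMO_FSTRING_LEN];

/* Stand-in for fstr_sprintf(): the second argument is a printf format. */
static int demo_fstr_sprintf(char *dst, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(dst, DEMO_FSTRING_LEN, fmt, ap);
    va_end(ap);
    return n;
}

/* Stand-in for fstrcpy(): bounded byte copy, '%' has no special meaning. */
static void demo_fstrcpy(char *dst, const char *src)
{
    size_t n = strlen(src);
    if (n >= DEMO_FSTRING_LEN)
        n = DEMO_FSTRING_LEN - 1;       /* truncate instead of overflowing */
    memcpy(dst, src, n);
    dst[n] = '\0';
}

/* Pattern from the report: the host name is used as the format itself.
 * Only call this with "%%", which needs no variadic arguments. */
const char *copy_as_format(char *dst, const char *host)
{
    demo_fstr_sprintf(dst, host);
    return dst;
}

/* Fixed pattern: the host name is data and is copied byte for byte. */
const char *copy_as_data(char *dst, const char *host)
{
    demo_fstrcpy(dst, host);
    return dst;
}

int main(void)
{
    demo_fstring a, b;
    const char *host = "print%%srv";    /* constructed sample host name */
    printf("as format: %s\n", copy_as_format(a, host));
    printf("as data:   %s\n", copy_as_data(b, host));
    return 0;
}
```

The first result differs from the input because the host name was parsed as a format string; the second is identical to the input, which is the behaviour the suggested fstrcpy() change restores.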