Vulnerability Note VU#274043

BSD Line Printer Daemon vulnerable to buffer overflow via crafted print request

Original Release date: 03 Oct 2001 | Last revised: 30 Nov 2001


The line printer daemon enables various clients to share printers over a network. There exists a buffer overflow vulnerability in this daemon that permits remote execution of arbitrary commands with elevated privileges.


There is a buffer overflow in several implementations of in.lpd, a BSD line printer daemon. An intruder can send a specially crafted print job to the target and then request a display of the print queue to trigger the buffer overflow. The intruder may be able use this overflow to execute arbitrary commands on the system with superuser privileges.

The line printer daemon must be enabled and configured properly in order for an intruder to exploit this vulnerability. This is, however, trivial as the line printer daemon is commonly enabled to provide printing functionality. In order to exploit the buffer overflow, the intruder must launch his attack from a system that is listed in the "/etc/hosts.equiv" or "/etc/hosts.lpd" file of the target system.


An intruder can remotely execute arbitrary commands on the system with the privileges of the line printer daemon, usually root or a superuser.


Apply a patch, if available, from your vendor.

Disable the line printer daemon if there is not a patch available from your vendor.

Systems Affected (Learn More)

VendorStatusDate NotifiedDate Updated
BSDIAffected-06 Sep 2001
FreeBSDAffected-06 Sep 2001
NETBSDAffected-30 Nov 2001
OpenBSDAffected-06 Sep 2001
Red HatAffected-08 Nov 2001
SCOAffected-01 Nov 2001
SGIAffected-01 Nov 2001
SuSEAffected-01 Nov 2001
CalderaNot Affected04 Sep 200101 Nov 2001
EngardeNot Affected-01 Nov 2001
FujitsuNot Affected-01 Nov 2001
IBMNot Affected04 Sep 200101 Nov 2001
SunNot Affected-02 Oct 2001
AppleUnknown-09 Nov 2001
Compaq Computer CorporationUnknown-05 Nov 2001
If you are a vendor and your product is affected, let us know.View More »

CVSS Metrics (Learn More)

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A N/A



This vulnerability was discovered and researched by Mark Dowd of Internet Security Systems (ISS). The CERT/CC wishes to thank ISS for the information contained in their advisory.

This document was written by Jason Rafail.

Other Information

  • CVE IDs: CAN-2001-0670
  • Date Public: 28 Aug 2001
  • Date First Published: 03 Oct 2001
  • Date Last Updated: 30 Nov 2001
  • Severity Metric: 32.22
  • Document Revision: 12


If you have feedback, comments, or additional information about this vulnerability, please send us email.