SkipNavigation
US-CERT
American Flag
  Vulnerability
Notes
Database

Search Vulnerability Notes

Vulnerability Notes Help Information


 
 View Notes By
  Name

ID Number

CVE Name

Date Public

Date Published

Date Updated

Severity Metric



 Other Documents
  Technical Alerts

Technical Bulletins

Alerts

Security Tips

 

Vulnerability Note VU#274043

BSD Line Printer Daemon vulnerable to buffer overflow via crafted print request

Overview

The line printer daemon enables various clients to share printers over a network. There exists a buffer overflow vulnerability in this daemon that permits remote execution of arbitrary commands with elevated privileges.

I. Description

There is a buffer overflow in several implementations of in.lpd, a BSD line printer daemon. An intruder can send a specially crafted print job to the target and then request a display of the print queue to trigger the buffer overflow. The intruder may be able use this overflow to execute arbitrary commands on the system with superuser privileges.

The line printer daemon must be enabled and configured properly in order for an intruder to exploit this vulnerability. This is, however, trivial as the line printer daemon is commonly enabled to provide printing functionality. In order to exploit the buffer overflow, the intruder must launch his attack from a system that is listed in the "/etc/hosts.equiv" or "/etc/hosts.lpd" file of the target system.

II. Impact

An intruder can remotely execute arbitrary commands on the system with the privileges of the line printer daemon, usually root or a superuser.

III. Solution

Apply a patch, if available, from your vendor.

Disable the line printer daemon if there is not a patch available from your vendor.

Systems Affected

VendorStatusDate NotifiedDate Updated
AppleUnknown9-Nov-2001
BSDIVulnerable6-Sep-2001
CalderaNot Vulnerable1-Nov-2001
Compaq Computer CorporationUnknown5-Nov-2001
CrayUnknown15-Oct-2001
EngardeNot Vulnerable1-Nov-2001
FreeBSDVulnerable6-Sep-2001
FujitsuNot Vulnerable1-Nov-2001
IBMNot Vulnerable1-Nov-2001
NETBSDVulnerable30-Nov-2001
OpenBSDVulnerable6-Sep-2001
Red HatVulnerable8-Nov-2001
SCOVulnerable1-Nov-2001
SGIVulnerable1-Nov-2001
SunNot Vulnerable2-Oct-2001
SuSEVulnerable1-Nov-2001

References

VU#966075
http://xforce.iss.net/alerts/advise94.php
http://www.securityfocus.com/bid/3252
http://www.BSDI.COM/services/support/patches/patches-4.1/M410-044
http://www.openbsd.com/errata.html
http://www.netbsd.org/security
http://www.freebsd.org/security

Credit

This vulnerability was discovered and researched by Mark Dowd of Internet Security Systems (ISS). The CERT/CC wishes to thank ISS for the information contained in their advisory.

This document was written by Jason Rafail.

Other Information

Date Public:2001-08-28
Date First Published:2001-10-03
Date Last Updated:2001-11-30
CERT Advisory: 
CVE-ID(s):CAN-2001-0670
NVD-ID(s):CAN-2001-0670
US-CERT Technical Alerts: 
Metric:32.22
Document Revision:12

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

 
Page Corner Image
Copyright 2001 Carnegie Mellon University
Disclaimers and copyright information
Get Adobe Reader Get Adobe Reader