Vulnerability Note VU#274043
BSD Line Printer Daemon vulnerable to buffer overflow via crafted print request
The line printer daemon enables various clients to share printers over a network. There exists a buffer overflow vulnerability in this daemon that permits remote execution of arbitrary commands with elevated privileges.
There is a buffer overflow in several implementations of in.lpd, a BSD line printer daemon. An intruder can send a specially crafted print job to the target and then request a display of the print queue to trigger the buffer overflow. The intruder may be able use this overflow to execute arbitrary commands on the system with superuser privileges.
The line printer daemon must be enabled and configured properly in order for an intruder to exploit this vulnerability. This is, however, trivial as the line printer daemon is commonly enabled to provide printing functionality. In order to exploit the buffer overflow, the intruder must launch his attack from a system that is listed in the "/etc/hosts.equiv" or "/etc/hosts.lpd" file of the target system.
An intruder can remotely execute arbitrary commands on the system with the privileges of the line printer daemon, usually root or a superuser.
Apply a patch, if available, from your vendor.
Disable the line printer daemon if there is not a patch available from your vendor.
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|BSDI||Affected||-||06 Sep 2001|
|FreeBSD||Affected||-||06 Sep 2001|
|NETBSD||Affected||-||30 Nov 2001|
|OpenBSD||Affected||-||06 Sep 2001|
|Red Hat||Affected||-||08 Nov 2001|
|SCO||Affected||-||01 Nov 2001|
|SGI||Affected||-||01 Nov 2001|
|SuSE||Affected||-||01 Nov 2001|
|Caldera||Not Affected||04 Sep 2001||01 Nov 2001|
|Engarde||Not Affected||-||01 Nov 2001|
|Fujitsu||Not Affected||-||01 Nov 2001|
|IBM||Not Affected||04 Sep 2001||01 Nov 2001|
|Sun||Not Affected||-||02 Oct 2001|
|Apple||Unknown||-||09 Nov 2001|
|Compaq Computer Corporation||Unknown||-||05 Nov 2001|
CVSS Metrics (Learn More)
This vulnerability was discovered and researched by Mark Dowd of Internet Security Systems (ISS). The CERT/CC wishes to thank ISS for the information contained in their advisory.
This document was written by Jason Rafail.
- CVE IDs: CAN-2001-0670
- Date Public: 28 Aug 2001
- Date First Published: 03 Oct 2001
- Date Last Updated: 30 Nov 2001
- Severity Metric: 32.22
- Document Revision: 12
If you have feedback, comments, or additional information about this vulnerability, please send us email.