Vulnerability Note VU#388183

IBM AIX line printer daemon contains a buffer overflow in kill_print()

Overview

The Line Printer daemon (lpd) shipped with AIX systems contains a buffer overflow in kill_print() that potentially allow a malicious remote user to gain root privileges.

I. Description

A buffer overflow exists in the kill_print() function of the line printer daemon (lpd) on AIX systems. An intruder could exploit this vulnerability to obtain root privileges or cause a denial of service (DoS). The intruder would need to be listed in the victim's /etc/hosts.lpd or /etc/hosts.equiv file, however, to exploit this vulnerability.

II. Impact

An intruder could exploit this vulnerability to obtain root privileges, or cause a denial of service (DoS).

III. Solution

IBM has released a VULNERABILITY SUMMARY. Please see the vendor statement for patches and instructions.

Systems Affected

Vendor	Status	Date Notified
Apple	Not Vulnerable	9-Nov-2001
Caldera	Not Vulnerable	1-Nov-2001
Compaq Computer Corporation	Unknown	5-Nov-2001
Cray	Not Vulnerable	1-Nov-2001
Engarde	Not Vulnerable	1-Nov-2001
FreeBSD	Not Vulnerable	5-Nov-2001
Fujitsu	Not Vulnerable	1-Nov-2001
IBM	Vulnerable	16-Oct-2001
Red Hat	Not Vulnerable	8-Nov-2001
Sun	Not Vulnerable	1-Nov-2001

References

http://www.uniras.gov.uk/l1/l2/l3/brief2001/UNIRAS%20Briefing%20-%2016301%20-%20IBM%20%20-%20Buffer%20Overflow%20Vulnerabilities%20in%20lpd.txt
http://archives.neohapsis.com/archives/bugtraq/2001-09/0084.html

Credit

The CERT/CC wishes to thank IBM for their help in identifying and analyzing this vulnerability.

This document was written by Jason Rafail.

Other Information

Date Public:	2001-09-11
Date First Published:	2001-10-16
Date Last Updated:	2002-01-03
CERT Advisory:
CVE-ID(s):	CAN-2001-0671
NVD-ID(s):	CAN-2001-0671
US-CERT Technical Alerts:
Metric:	9.84
Document Revision:	12

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Get Adobe Reader