Vulnerability Note VU#39001
lpd allows options to be passed to sendmail
Overview
The line printer daemon enables various clients to share printers over a network. There exists a vulnerability in this daemon that permits an intruder to send options to sendmail.
Description
The line printer daemon enables various clients to share printers over a network. There exists a vulnerability in this daemon that permits an intruder to send options to sendmail. These options could be used to specify another configuration file allowing an intruder to gain root access. |
Impact
An intruder may be able to gain root access. In conjunction with another vulnerability (e.g., VU#30308), this can be exploited from hosts not normally authorized to use the lpd service. |
Solution
Apply the patches, if available, from your vendor. |
Systems Affected
| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| Apple Computer Inc. | Unknown | - | 31 Jul 2002 |
| Caldera | Not Vulnerable | 04 Sep 2001 | 20 Apr 2002 |
| Compaq Computer Corporation | Unknown | - | 20 Apr 2002 |
| Cray Inc. | Not Vulnerable | - | 31 Jul 2002 |
| Debian | Vulnerable | - | 20 Apr 2002 |
| Engarde | Not Vulnerable | - | 20 Apr 2002 |
| FreeBSD | Not Vulnerable | - | 20 Apr 2002 |
| Fujitsu | Not Vulnerable | - | 20 Apr 2002 |
| IBM | Not Vulnerable | - | 20 Apr 2002 |
| MandrakeSoft | Vulnerable | 04 Oct 2001 | 20 Apr 2002 |
| Red Hat Inc. | Vulnerable | - | 31 Jul 2002 |
| Sun Microsystems Inc. | Vulnerable | - | 31 Jul 2002 |
CVSS Metrics (Learn More)
| Group | Score | Vector |
|---|---|---|
| Base | N/A | N/A |
| Temporal | N/A | N/A |
| Environmental | N/A | N/A |
References
- http://www.kb.cert.org/vuls/id/30308
- http://www.atstake.com/research/advisories/2000/lpd_advisory.txt
- http://www.redhat.com/support/errata/RHSA2000002-01.6.0.html
- http://www.debian.org/security/2000/20000109
Credit
The CERT/CC would like to thank @Stake, Red Hat and Debian for the information provided in their security advisories.
This document was written by Jason Rafail.
Other Information
- CVE IDs: Unknown
- Date Public: 08 Jan 2000
- Date First Published: 16 Oct 2001
- Date Last Updated: 09 Nov 2001
- Severity Metric: 14.06
- Document Revision: 13
Feedback
If you have feedback, comments, or additional information about this vulnerability, please send us email.
This product is provided subject to the Notification as indicated here: http://www.us-cert.gov/legal.html#notify
