Vulnerability Note VU#638011

HP-UX Line Printer Daemon Vulnerable to Directory Traversal

Overview

A remotely exploitable directory traversal vulnerability exists in the HP-UX line printer daemon.

I. Description

The line printer daemon (rlpdaemon) enables various clients to share printers over a network. By sending a specially crafted print request to an HP-UX host running the rlpdaemon, a local or remote attacker can create arbitrary files or directories on the target host. Intruders may find this vulnerability attractive to exploit because the line printer daemon is enabled by default to provide printing services.

II. Impact

An attacker may be able to execute arbitrary code on the target system with the privileges of the line printer daemon, typically superuser.

III. Solution

Contact HP for patches.

Workaround

Disable the line printer daemon until a patch can be applied.

Systems Affected

Vendor	Status	Date Updated
HP	Vulnerable	21-Nov-2001

References

http://xforce.iss.net/alerts/advise102.php
http://xforce.iss.net/static/7234.php
http://cve.mitre.org/cgi-bin/cvename.cgi?name=0817
http://archives.neohapsis.com/archives/hp/2001-q4/0047.html
http://www.securityfocus.com/bid/3561

Credit

This vulnerability was discovered and researched by Mark Dowd and Kris Hunt of Internet Security Systems (ISS). The CERT/CC thanks ISS for the information contained in their advisory.

This document was written by Ian A. Finlay.

Other Information

Date Public	11/20/2001
Date First Published	11/21/2001 10:20:29 AM
Date Last Updated	12/06/2001
CERT Advisory	CA-2001-32
CVE-ID(s)	CAN-2001-0817
NVD-ID(s)	CAN-2001-0817
US-CERT Technical Alerts
Metric	41.01
Document Revision	44

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Get Adobe Reader