Vulnerability Note VU#722143

IBM AIX line printer daemon contains a buffer overflow in send_status()

Overview

The Line Printer daemon (lpd) shipped with AIX systems contains a buffer overflow in send_status() that potentially allow a malicious remote user to gain root privileges.

I. Description

A buffer overflow exists in the send_status() function of the line printer daemon (lpd) on AIX systems. An intruder could exploit this vulnerability to obtain root privileges or cause a denial of service (DoS). The intruder would need to be listed in the victim's /etc/hosts.lpd or /etc/hosts.equiv file, however, to exploit this vulnerability.

II. Impact

An intruder could exploit this vulnerability to obtain root privileges, or cause a denial of service (DoS).

III. Solution

IBM has released a VULNERABILITY SUMMARY. Please see the vendor statement for patches and instructions.

Systems Affected

Vendor	Status	Date Updated
Apple	Not Vulnerable	9-Nov-2001
Caldera	Not Vulnerable	1-Nov-2001
Compaq Computer Corporation	Unknown	5-Nov-2001
Cray	Not Vulnerable	1-Nov-2001
Engarde	Not Vulnerable	1-Nov-2001
FreeBSD	Not Vulnerable	5-Nov-2001
Fujitsu	Not Vulnerable	1-Nov-2001
IBM	Vulnerable	4-Oct-2001
Red Hat	Not Vulnerable	8-Nov-2001
Sun	Not Vulnerable	1-Nov-2001

References

http://www.uniras.gov.uk/l1/l2/l3/brief2001/UNIRAS%20Briefing%20-%2016301%20-%20IBM%20%20-%20Buffer%20Overflow%20Vulnerabilities%20in%20lpd.txt
http://archives.neohapsis.com/archives/bugtraq/2001-09/0084.html

Credit

The CERT/CC wishes to thank IBM for their help in identifying and analyzing this vulnerability.

This document was written by Jason Rafail.

Other Information

Date Public	09/11/2001
Date First Published	10/16/2001 03:02:35 PM
Date Last Updated	11/09/2001
CERT Advisory
CVE-ID(s)	CAN-2001-0671
NVD-ID(s)	CAN-2001-0671
US-CERT Technical Alerts
Metric	9.84
Document Revision	12

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Get Adobe Reader