Vulnerability Note VU#966075
HP-UX vulnerable to buffer overflow in line printer daemon (rlpdaemon) via crafted print request
Overview
The line printer daemon (rlpdaemon) on HP-UX systems enables various clients to share printers over a network. A buffer overflow vulnerability in this daemon permits remote execution of arbitrary commands with elevated privileges.
Description
A buffer overflow exists in HP-UX's line printer daemon (rlpdaemon) that may allow an intruder to execute arbitrary code with superuser privilege on the target system. The rlpdaemon is installed by default and is active even if it is not being used. An intruder does not need any prior knowledge of, or privileges on, the target system in order to exploit this vulnerability.
Impact
An intruder can execute arbitrary commands.
Solution
Hewlett-Packard has released HPSBUX0108-163 to address this issue. Please see the vendor statement for instructions and patches.
Systems Affected
| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| Hewlett Packard | Affected | - | 04 Oct 2001 |
| Apple | Not Affected | 04 Sep 2001 | 01 Nov 2001 |
| Caldera | Not Affected | 04 Sep 2001 | 31 Oct 2001 |
| Cray | Not Affected | - | 01 Nov 2001 |
| Engarde | Not Affected | - | 01 Nov 2001 |
| FreeBSD | Not Affected | - | 05 Nov 2001 |
| Fujitsu | Not Affected | - | 31 Oct 2001 |
| IBM | Not Affected | - | 31 Oct 2001 |
| Red Hat | Not Affected | - | 08 Nov 2001 |
| Sun | Not Affected | - | 01 Nov 2001 |
| Compaq Computer Corporation | Unknown | - | 05 Nov 2001 |
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | N/A | N/A |
| Temporal | N/A | N/A |
| Environmental | N/A | N/A |
References
- http://www.securityfocus.com/bid/3240
- http://xforce.iss.net/alerts/advise93.php
- http://itrc.hp.com
- http://www.ciac.org/ciac/bulletins/l-134.shtml
Credit
This vulnerability was discovered and researched by Chris Spencer of Internet Security Systems (ISS). The CERT/CC wishes to thank ISS for the information contained in their advisory.
This document was written by Jason Rafail.
Other Information
- CVE IDs: CAN-2001-0668
- Date Public: 27 Aug 2001
- Date First Published: 16 Oct 2001
- Date Last Updated: 09 Nov 2001
- Severity Metric: 18.75
- Document Revision: 9