|
|
|
![]() |
Vulnerability Note VU#966075HP-UX vulnerable to buffer overflow in line printer daemon (rlpdaemon) via crafted print requestOverviewThe line printer daemon (rlpdaemon) on HP-UX systems enable various clients to share printers over a network. There exists a buffer overflow vulnerability in this daemon that permits remote execution of arbitrary commands with elevated privileges.I. DescriptionA buffer overflow exists in HP-UX's line printer daemon (rlpdaemon) that may allow an intruder to execute arbitrary code with superuser privilege on the target system. The rlpdaemon is installed by default and is active even if it is not being used. An intruder does not need any prior knowledge, or privileges on the target system in order to exploit this vulnerability.II. ImpactAn intruder can execute arbitrary commands.III. SolutionHewlett-Packard has released HPSBUX0108-163 to address this issue. Please see the vendor statement for instructions and patches.Systems Affected
References
This vulnerability was discovered and researched by Chris Spencer of Internet Security Systems (ISS). The CERT/CC wishes to thank ISS for the information contained in their advisory. This document was written by Jason Rafail.
If you have feedback, comments, or additional information about this vulnerability, please send us
email. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||