Vulnerability Note VU#230505
Cisco IOS LPD buffer overflow vulnerability
The Cisco IOS Line Printer Daemon contains a buffer overflow vulnerability. If successfully exploited, this vulnerability may allow an attacker to execute arbitrary code or create a denial-of-service condition .
The Cisco IOS includes support for the UNIX Line Printer Daemon (LPD) protocol. The LPD service listens on 515/tcp and is not enabled by default.
The IOS LPD service does not properly check the length of the hostname of the router. This error may result in a buffer overflow. See Cisco Security Response Document ID: 99109 for more information about this vulnerability.
$ telnet 172.30.3.101 515
Connected to 172.30.3.101 (172.30.3.101).
Escape character is '^]'.
hostname_of_the_router: /usr/lib/lpd: Malformed from address
If the hostname is 99 characters or longer then the overflow occurs as the result of a call to the sprintf() function.
An attacker may be able to execute arbitrary code or create a denial-of-service condition .
Cisco has released an update to address this issue. See Cisco Security Response: Cisco IOS Line Printer Daemon (LPD) Protocol Stack Overflow Document ID: 99109 for more details.
The following workarounds may mitigate this vulnerability.
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Cisco Systems, Inc.||Affected||-||13 Oct 2007|
CVSS Metrics (Learn More)
Information about this vulnerability was released by Information Risk Management.
This document was written by Ryan Giobbi.
- CVE IDs: Unknown
- Date Public: 10 Oct 2007
- Date First Published: 13 Oct 2007
- Date Last Updated: 15 Oct 2007
- Severity Metric: 7.14
- Document Revision: 11
If you have feedback, comments, or additional information about this vulnerability, please send us email.