NETBSD Information for VU#274043

BSD Line Printer Daemon vulnerable to buffer overflow via crafted print request



Vendor Statement


NetBSD Security Advisory 2001-018

Topic: Remote Buffer Overflow Vulnerability in BSD Line Printer Daemon

Version: NetBSD-current: prior to August 28, 2001
         NetBSD-1.5.2:   affected
         NetBSD-1.5.1:   affected
         NetBSD-1.5:     affected
         NetBSD-1.4.*:   affected

Severity: Remote root compromise from any host which can connect to lpd(8)

Fixed: NetBSD-current:  August 28, 2001
       NetBSD-1.5 branch: September 30, 2001
       NetBSD-1.4 branch: not yet


There is a remotely exploitable buffer overrun in the printer daemon,

Technical Details

Solutions and Workarounds

NetBSD 1.3 and later install with lpd disabled by default. A system is
vulnerable to this security hole only if it is running /usr/sbin/lpd,
and access to lpd is allowed by entries in /etc/hosts.lpd. Updating
the binary for safety is recommended.

Quick workaround:
If you are running /usr/sbin/lpd, and you do not need it, stop it.
If you have /etc/hosts.lpd which is open to everyone, you will want to
tighten the setup so that no malicious parties can access your remote printer.
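
Added example (not part of the NetBSD advisory): a shell check for the two conditions in the quick workaround, whether lpd is running and whether hosts.lpd admits every host. It assumes hosts.lpd uses hosts.equiv-style entries in which a host field of "+" matches any host, and that pgrep is available; the function names and sample hostnames are made up for illustration.

```sh
#!/bin/sh
# Added example; not part of NetBSD-SA2001-018.
# Assumption: /etc/hosts.lpd uses hosts.equiv-style entries, one per line,
# where a host field of "+" matches every host.
# Usage after sourcing this file: report /etc/hosts.lpd

# audit_hosts_lpd FILE
# Prints each entry that admits any host.
# Returns 0 = no wildcard entry, 1 = wildcard entry found, 2 = file absent.
audit_hosts_lpd() {
    [ -f "$1" ] || return 2
    awk -v f="$1" '
        /^[ \t]*#/ || NF == 0 { next }      # skip comments and blank lines
        $1 == "+" {
            printf "%s:%d: \"%s\" admits any host\n", f, NR, $0
            bad = 1
        }
        END { exit bad }
    ' "$1"
}

# lpd_running: succeeds only if a process named exactly "lpd" exists.
lpd_running() {
    pgrep -x lpd >/dev/null 2>&1
}

# report FILE: apply both parts of the quick workaround as checks.
report() {
    if ! lpd_running; then
        echo "lpd is not running"
        return 0
    fi
    echo "lpd is running; stop it if printing is not needed"
    rc=0
    audit_hosts_lpd "$1" || rc=$?
    case $rc in
        0) echo "$1: no wildcard entries" ;;
        1) echo "$1: tighten the entries listed above" ;;
        2) echo "$1: not present" ;;
    esac
}

# demo: audit a constructed sample file (hostnames are made up).
demo() {
    sample=$(mktemp) || return 3
    printf '%s\n' '# constructed sample' 'printhost.example.org' '+' > "$sample"
    rc=0
    audit_hosts_lpd "$sample" || rc=$?
    rm -f "$sample"
    return $rc
}
```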


* NetBSD -current, 1.5, 1.5.1, 1.5.2:

Systems running NetBSD-current dated from before 2001-08-28
should be upgraded to NetBSD-current dated 2001-08-28 or later.

Systems running NetBSD 1.5, 1.5.1 or 1.5.2 dated from before
2001-09-30 should be upgraded to NetBSD-1.5 branch sources dated
2001-09-30 or later.

The following directory needs to be updated from the
netbsd-current CVS branch (aka HEAD) for NetBSD-current,
or netbsd-1-5 CVS branch for NetBSD 1.5, 1.5.1 or 1.5.2:

To update from CVS, re-build, and re-install lpd(8):
# cd src/usr.sbin/lpr
# cvs update -d -P
# make cleandir dependall install

Alternatively, apply the following patch (with potential offset
differences) and rebuild & re-install lpd(8):

To patch, re-build and re-install lpd(8):
# cd src/usr.sbin/lpr/common_sources
# patch < /path/to/SA2001-012-lpd.patch
# make cleandir dependall install

* NetBSD 1.4, 1.4.x:

Systems running NetBSD-1.4.x releases should apply the following
patch (with potential offset differences):

To patch, re-build and re-install lpd(8):
# cd src/usr.sbin/lpr/common_sources
# patch < /path/to/SA2001-012-lpd.patch
# make cleandir dependall install

The anonymous CVS branch netbsd-1-4 should be updated with a
fix in the near future.

Thanks To

Jun-ichiro Hagino for the original patches to -current, from a fix in

Revision History

2001-11-22 Initial release

More Information

An up-to-date PGP signed copy of this release will be maintained at

Information about NetBSD and NetBSD security can be found at
http://www.NetBSD.ORG/ and http://www.NetBSD.ORG/Security/.

Copyright 2001, The NetBSD Foundation, Inc. All Rights Reserved.

$NetBSD: NetBSD-SA2001-018.txt,v 1.6 2001/11/22 15:21:45 david Exp $



Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References



NetBSD Version 1.5.1 and earlier have been reported vulnerable in the Internet Security Systems Advisory.
