SCO Information for VU#274043

BSD Line Printer Daemon vulnerable to buffer overflow via crafted print request



Vendor Statement


Caldera International, Inc. Security Advisory

Subject: OpenServer: remote buffer overflow vulnerability in BSD line printer daemon
Advisory number: CSSA-2001-SCO.20
Issue date: 2001 September 26
Cross reference:

1. Problem Description

The BSD-derived lpd daemon is vulnerable to a buffer overflow.
This could be used by an unauthorized user to gain privilege.

2. Vulnerable Versions

Operating System    Version      Affected Files
OpenServer          <= 5.0.6a    /usr/lib/lpd

3. Workaround


4. OpenServer

4.1 Location of Fixed Binaries

4.2 Verification

md5 checksums:

48f989acb3a6606181575b3b765cd89e lpd.tar.Z

md5 is available for download from

4.3 Installing Fixed Binaries

Upgrade the affected binaries with the following commands:

Download the tar file to /tmp
# cd /tmp
# uncompress lpd.tar.Z
# tar xvf lpd.tar
# mv /usr/lib/lpd /usr/lib/lpd-
# mv /usr/bin/lpstat /usr/bin/lpstat-
# cp lpstat /usr/bin
# chown bin /usr/bin/lpstat
# chgrp lp /usr/bin/lpstat
# chmod 2111 /usr/bin/lpstat
# cp lpd /usr/lib
# chown root /usr/lib/lpd
# chgrp bin /usr/lib/lpd
# chmod 2711 /usr/lib/lpd

5. References

This and other advisories are located at

This advisory addresses Caldera Security internal incident

6. Disclaimer

Caldera International, Inc. is not responsible for the misuse
of any of the information we provide on our website and/or
through our security advisories. Our advisories are a service
to our customers intended to promote secure installation and
use of Caldera International products.

7. Acknowledgements

Caldera International wishes to thank the Internet Security
Systems (ISS) X-Force for discovering and reporting this


Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References



The CERT/CC has no additional comments at this time.
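
The verification and installation steps in sections 4.2 and 4.3 of the vendor statement can be gated and audited with a small script. This is an added example, not part of the Caldera advisory or of CERT/CC's text; the function names are hypothetical, and it assumes a host with md5sum (or openssl) and GNU stat.

```shell
#!/bin/sh
# Added example (not from the advisory): check lpd.tar.Z before unpacking it,
# then audit the installed file modes afterwards.
# Assumptions: md5sum or openssl is present; stat supports GNU "-c '%a'".

EXPECTED_MD5="48f989acb3a6606181575b3b765cd89e"   # published in section 4.2

# Print the MD5 hex digest of a file.
md5_of() {
    if command -v md5sum >/dev/null 2>&1; then
        md5sum "$1" | awk '{print $1}'
    else
        openssl md5 "$1" | awk '{print $NF}'
    fi
}

# Return 0 only if the file exists and its digest equals the expected value.
verify_md5() {
    [ -f "$1" ] || return 2
    actual=$(md5_of "$1" | tr 'A-F' 'a-f')
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ "$actual" = "$expected" ]
}

# Return 0 only if the file's octal mode equals the expected mode.
check_mode() {
    mode=$(stat -c '%a' "$1" 2>/dev/null) || return 2
    [ "$mode" = "$2" ]
}

# Refuse to proceed with uncompress/tar unless the archive matches.
preinstall_gate() {
    if verify_md5 "$1" "$EXPECTED_MD5"; then
        echo "checksum OK: $1"
    else
        echo "checksum mismatch or missing file: $1 (do not install)" >&2
        return 1
    fi
}

# Confirm the modes set in section 4.3 (2711 for lpd, 2111 for lpstat).
postinstall_audit() {
    rc=0
    check_mode "${1:-/usr/lib/lpd}" 2711 || { echo "unexpected mode: lpd" >&2; rc=1; }
    check_mode "${2:-/usr/bin/lpstat}" 2111 || { echo "unexpected mode: lpstat" >&2; rc=1; }
    return $rc
}
```

Source the file, run preinstall_gate /tmp/lpd.tar.Z before the uncompress step, and run postinstall_audit after the final chmod.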

If you have feedback, comments, or additional information about this vulnerability, please send us email.