SCO Information for VU#274043
BSD Line Printer Daemon vulnerable to buffer overflow via crafted print request
- Date Notified:
- Statement Date:
- Date Updated: 01 Nov 2001
Caldera International, Inc. Security Advisory
Subject: OpenServer: remote buffer overflow vulnerability in BSD line printer daemon
Advisory number: CSSA-2001-SCO.20
Issue date: 2001 September 26
1. Problem Description
The BSD-derived lpd daemon is vulnerable to a buffer overflow.
This could be used by an unauthorized user to gain privilege.
2. Vulnerable Versions
Operating System       Version       Affected Files
OpenServer             <= 5.0.6a     /usr/lib/lpd
4.1 Location of Fixed Binaries
md5 is available for download from
4.3 Installing Fixed Binaries
Upgrade the affected binaries with the following commands:
Download the tar file to /tmp
# cd /tmp
# uncompress lpd.tar.Z
# tar xvf lpd.tar
# mv /usr/lib/lpd /usr/lib/lpd-
# mv /usr/bin/lpstat /usr/bin/lpstat-
# cp lpstat /usr/bin
# chown bin /usr/bin/lpstat
# chgrp lp /usr/bin/lpstat
# chmod 2111 /usr/bin/lpstat
# cp lpd /usr/lib
# chown root /usr/lib/lpd
# chgrp bin /usr/lib/lpd
# chmod 2711 /usr/lib/lpd
This and other advisories are located at
This advisory addresses Caldera Security internal incident
Caldera International, Inc. is not responsible for the misuse
of any of the information we provide on our website and/or
through our security advisories. Our advisories are a service
to our customers intended to promote secure installation and
use of Caldera International products.
Caldera International wishes to thank the Internet Security
Systems (ISS) X-Force for discovering and reporting this
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
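The following script is an added example, not part of the Caldera advisory or the CERT/CC record. It checks that the files installed in section 4.3 ended up with the owner, group and mode set by the chown, chgrp and chmod commands, and notes whether the renamed originals (lpd-, lpstat-) still carry set-id bits. The function names and the optional root-prefix argument are assumptions made for this example, which expects a POSIX shell with ls and cut.

```sh
#!/bin/sh
# Added example (not from the advisory): verify the result of the install steps.
# Expected owner/group/mode values are taken from the chown/chgrp/chmod lines.

# Convert an `ls -l` mode string such as -rwx--s--x to octal such as 2711.
mode_to_octal() {
    perms=$(printf '%s' "$1" | cut -c2-10)
    special=0 digits= weight=4          # weight: setuid=4, setgid=2, sticky=1
    for start in 1 4 7; do
        trio=$(printf '%s' "$perms" | cut -c"$start"-"$((start + 2))")
        d=0
        case $trio in r??) d=$((d + 4)) ;; esac
        case $trio in ?w?) d=$((d + 2)) ;; esac
        case $trio in ??[xst]) d=$((d + 1)) ;; esac
        case $trio in ??[sStTl]) special=$((special + weight)) ;; esac
        digits=$digits$d
        weight=$((weight / 2))
    done
    echo "$special$digits"
}

# check_file FILE OWNER GROUP MODE: 0 = matches, 1 = mismatch, 2 = missing.
check_file() {
    file=$1 want="$2:$3 $4"
    line=$(ls -ld "$file" 2>/dev/null) || { echo "MISSING  $file"; return 2; }
    set -- $line                         # $1=mode string, $3=owner, $4=group
    got="$3:$4 $(mode_to_octal "$1")"
    [ "$got" = "$want" ] && { echo "OK       $file ($got)"; return 0; }
    echo "MISMATCH $file: have $got, want $want"
    return 1
}

# The argument is a hypothetical optional prefix for a staged tree; empty = live system.
verify_lpd_install() {
    root=${1:-} rc=0
    check_file "$root/usr/lib/lpd"    root bin 2711 || rc=1
    check_file "$root/usr/bin/lpstat" bin  lp  2111 || rc=1
    # The mv steps keep the old binaries; flag any that still carry set-id bits.
    for old in "$root/usr/lib/lpd-" "$root/usr/bin/lpstat-"; do
        line=$(ls -ld "$old" 2>/dev/null) || continue
        set -- $line
        case $(mode_to_octal "$1") in 0???) ;; *) echo "NOTE     $old is still set-id" ;; esac
    done
    return $rc
}
```

Run verify_lpd_install with no argument as root after the last step; a non-zero return means a file is missing or its ownership or mode differs from the advisory's values.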