[87] in Security FYI

Buffer overflow in the Solaris line printer daemon

daemon@ATHENA.MIT.EDU (Bob Mahoney)
Thu Jun 21 14:05:23 2001

Mime-Version: 1.0
Message-Id: <p05010401b757e5c6c954@[18.18.1.170]>
Date: Thu, 21 Jun 2001 14:01:22 -0400
To: security-fyi@MIT.EDU
From: Bob Mahoney <bobmah@MIT.EDU>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

For those administering Solaris systems, ISS.net has announced a new 
lpd vulnerability.  Full details are at:

http://xforce.iss.net/alerts/advise80.php

Their synopsis follows.

- -Bob Mahoney, for security@mit.edu

***
Synopsis:

ISS X-Force has discovered a buffer overflow in the Solaris line printer
daemon (in.lpd) that may allow a remote or local attacker to crash the
daemon or execute arbitrary code with super user privilege. This daemon
runs with root privileges by default on all current Solaris versions.

Impact:

Solaris installs the in.lpd line printer software by default. This
vulnerability may allow a remote attacker to execute arbitrary commands
without restriction. No local access to the target system is required
to exploit this vulnerability.

Affected Versions:

Solaris 2.6
Solaris 2.6 x86
Solaris 7
Solaris 7 x86
Solaris 8
Solaris 8 x86
***

-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0.3

iQA/AwUBOzI2enrxxeI5xewJEQL09QCfQCL0G69ouo4hq+Xa1T52yQVh04IAoLwX
JZ212kbz76dtyBmW7tsg6/E7
=/paS
-----END PGP SIGNATURE-----
