| VID | 23040 |
| Severity | 40 |
| Port | 515 |
| Protocol | TCP |
| Class | LPD |
| Detailed Description | The Solaris lpd is vulnerable to remote command execution. The print protocol daemon, 'in.lpd' (or 'lpd'), shipped with Solaris may allow remote attackers to execute arbitrary commands on target hosts with root privileges. The alleged vulnerability is different from the buffer overflow vulnerability discovered by ISS. It has been reported that it is possible to execute commands on target hosts through lpd by manipulating the daemon's use of sendmail. This vulnerability is very similar to the one mentioned in NAI advisory NAI-0020. Note: A valid printer does NOT need to be configured to exploit this vulnerability. References: http://www.securityfocus.com/advisories/289 http://www.geocities.com/entrelaspiernas/ Platforms Affected: Sun Solaris, any version |
| Recommendation | No upgrade or patch available as of June 2014. Administrators are STRONGLY urged to disable or completely block the LPD service immediately. To disable the in.lpd service: 1. Comment out the line corresponding to 'printer' in the /etc/inetd.conf file. 2. Signal the inetd process to reread its configuration with the following command: kill -HUP <inetd process id> |
| Related URL | CVE-2001-1583 (CVE) |
| Related URL | 3274 (SecurityFocus) |
| Related URL | 7087 (ISS) |