Sun lpd vulnerability
New (3.3.3)
Impact
A remote user could execute arbitrary code on a properly configured
print server.
Background
By default, Solaris operating systems are installed with
the in.lpd process running.
The in.lpd process is a UNIX daemon that accepts print
requests from local and remote users.
The Problem
Due to a buffer overflow in the transfer job routine,
in.lpd can be exploited by a remote attacker
to execute arbitrary code with root privileges on the
server.
Solaris 2.6, 7, and 8 (SunOS 5.6, 5.7, and 5.8) are affected by
this vulnerability.
Resolution
If print service is not needed, disable in.lpd.
This can be done by finding the line in /etc/inetd.conf
which begins with the word printer and inserting
a pound sign (#) at the beginning of the line.
Be sure to restart the inetd process afterwards.
If print service is required, the vulnerability can be fixed by applying the appropriate
patch. Patches are scheduled to be released in July, 2001. If a patch is not
yet available, it is recommended that access to TCP port 515 on the
server be denied from the firewall or gateway router. The patches
for this vulnerability are:
106235-09 SunOS 5.6: lp patch
106236-09 SunOS 5.6_x86: lp patch
107115-08 SunOS 5.7: LP patch
107116-08 SunOS 5.7_x86: LP patch
109320-04 SunOS 5.8: LP patch
109321-04 SunOS 5.8_x86: LP patch
Where can I read more about this?
Details on this vulnerability can be found in X-Force
Alert 80. Also, check SunSolve
for a Security Bulletin on this vulnerability.