OSVDB ID: 1945

Title: Multiple Unix Vendor lpd Incomplete Print Job Display Queue Overflow

Info

Dates

Disclosure: Aug 29, 2001
Discovery: Unknown
Exploit: Unknown
Solution: Unknown

Description

A local overflow exists in multiple operating systems. The line printer daemon (lpd) fails to correctly parse an incomplete print job request, resulting in a buffer overflow. With a specially crafted request, an attacker can execute arbitrary code resulting in a loss of integrity.

Classification

Location: Local Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Unavailable
Disclosure: OSVDB Verified

Solution

FreeBSD: Upgrade to FreeBSD version 4.3-STABLE or to the RELENG_4_3 security branch after the respective correction date or higher, as it has been reported to fix this vulnerability. In addition, FreeBSD has released patches for some older versions. It is also possible to correct the flaw by implementing the following workaround: killall lpd.

NetBSD: Upgrade to NetBSD version 1.5.2 after the respective correction date or higher, as it has been reported to fix this vulnerability. In addition, NetBSD has released patches for some older versions. It is also possible to correct the flaw by implementing the following workaround: killall lpd and/or edit /etc/hosts.lpd to prevent remote connections to lpd.

OpenBSD: OpenBSD has released a patch for some older versions.

Caldera/SCO: Caldera/SCO has released patches for some older versions.

IBM: IBM has released a patch for some older versions.

Red Hat: Red Hat has released patches for some older versions.

SuSE: SuSE has released patches for some older versions.

Products

FreeBSD Project

FreeBSD

2.x
3.0
3.1
3.2
3.3
3.4
3.5
3.5.1
4.0
4.1.x
4.2
4.3

OpenBSD

OpenBSD

2.x

NetBSD Foundation, Inc.

NetBSD

1.0
1.1
1.2.x
1.3.x
1.4
1.4.1
1.4.2
1.4.3
1.5
1.5.1
1.5.2

BSDI

BSD

2.x
3.x
4.0.x
4.1

SuSE

Linux

6.3
6.3 alpha
6.4
6.4 alpha
6.4 ppc
7.0
7.0 alpha
7.0 ppc
7.0 sparc
7.1
7.1 alpha
7.1 ppc
7.1 sparc

SCO Group, Inc.

Open Server

5.0.1
5.0.2
5.0.3
5.0.4
5.0.5
5.0.6
5.0.6 a

International Business Machines Corporation

AIX

4.3
5.1

Red Hat, Inc.

Linux

6.2

References

Credit

  • ISS X-Force Research - xforce@iss.net - Internet Security Systems
Direct URL: http://osvdb.org/36218