[ISN] HERT Advisory #001 Buffer overflow in Solaris /usr/bin/lpstat

From: mea culpa (jerichoat_private)
Date: Wed Jan 27 1999 - 18:49:14 PST

  • Next message: mea culpa: "[ISN] Thailand unable to trace hacker"

    [Moderator: With the announcement of HERT, I will forward the first two
     (maybe three) advisories to the list so people can get a feel for them.]
    
    Forwarded From: "Anthony C . Zboralski" <aczat_private>
    
    -----BEGIN PGP SIGNED MESSAGE-----
    
    - -------------------------------------------------------------
      HERT - Hacker Emergency Response Team
      alertat_private - http://www.hert.org
    
      Advisory:        #00001
      Title:           lpstat
      Date:            26 January 1999 
      Summary:         Buffer overflow in Solaris /usr/bin/lpstat
      System affected: Solaris 2.6, 2.6_x86, 2.7, 2.7_x86
      IMPACT:          Local users may obtain root priviledge.
    - --------------------------------------------------------------
    
    Copyright (C) 1999 Hacker Emergency Response Team
    
    Permission is granted to reproduce and distribute HERT advisories in their
    entirety, provided the HERT PGP signature is included and provided the alert is used for noncommercial purposes and with the intent of increasing the aware-
    ness of the Internet community.
    
    This advisory is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
    
    1. Background:
       
       The lpstat command prints information about the current
       status of the LP print service.
       
       On Solaris 2.6 and 2.7, /usr/bin/lpstat is suid root and we've found it
       to be vulnerable to a buffer overflow.
       
       Exploit code for this vulnerability is in circulation.
    
    
    2. Affected Supported versions
       
       Solaris versions:   2.7, 2.7_x86, 2.6, 2.6_x86
    
    3. Recommendations
       
       Temporary fix:
       
       chmod -s /usr/bin/lpstat
       chmod -s /usr/bin/lpq
       
       Wait for Sun to issue a patch that will correct this problem.
    
    
    To subscribe to the HERT Alert mailing list, email alertat_private
    with subscribe in the body of the message.
    
    Contact hertat_private for more information.
    The HERT PGP public key is available at ftp://ftp.hert.org/pub/HERT_PGP.key
    
    To report a vulnerability: http://www.hert.org/vul_reporting_form
    
    
    -----BEGIN PGP SIGNATURE-----
    Version: 2.6.3ia
    Charset: latin1
    
    iQCVAwUBNq82VbiV3oeHg1NdAQH9MAQAtEDQxHaDdlDNP/B8Bl785Y4nDidgJYyR
    TZwJl/QD/0g/Q0IoX80muxw8fR2+XKnyq7qqhaI1EhC+1z0ScPjPWWOa12oKTKAG
    hFGpLdq5WdVrmHf1X9b90ZD5ov9KIsDuVxSTpUv0dPCCvxfSJb4Zdbr2+lQDjks/
    orxjIwo5jgY=
    =NG0f
    -----END PGP SIGNATURE-----
    
    -o-
    Subscribe: mail majordomoat_private with "subscribe isn".
    Today's ISN Sponsor: Internet Security Institute [www.isi-sec.com]
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:17:30 PDT