X-Force wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > > Internet Security Systems Security Advisory > June 19, 2001 > > Remote Buffer Overflow Vulnerability in Solaris Print Protocol Daemon > > Synopsis: > > ISS X-Force has discovered a buffer overflow in the Solaris line printer > daemon (in.lpd) that may allow a remote or local attacker to crash the > daemon or execute arbitrary code with super user privilege. This daemon > runs with root privileges by default on all current Solaris versions. > > Impact: > > Solaris installs the in.lpd line printer software by default. This > vulnerability may allow a remote attacker to execute arbitrary commands > without restriction. No local access to the target system is required > to exploit this vulnerability. > > Affected Versions: > > Solaris 2.6 > Solaris 2.6 x86 > Solaris 7 > Solaris 7 x86 > Solaris 8 > Solaris 8 x86 > > Description: > > The Solaris BSD print protocol daemon provides an interface for remote > users to interact with a local printer. The in.lpd daemon listens on > the network for remote requests on port 515. By listening for remote > requests, there is an opportunity for a malicious user to exploit this > vulnerability remotely. The in.lpd daemon provides extensive > functionality to network users who intend to print documents over a > network. There is a flaw in the ?transfer job? routine, which may > allow attackers to overflow an unchecked buffer. Attackers may exploit > this vulnerability to crash the printer daemon, or execute arbitrary > code as super user on a target system. > > All current versions of Solaris install and enable the in.lpd daemon > by default. > > Recommendations: > > Sun Microsystems has informed ISS X-Force that patches are in > development and will be made available in July. > > Sun Microsystems has provided ISS X-Force with following patch > information. ISS X-Force recommends installing a patch for this > vulnerability when they are made available. > > 106235-09 SunOS 5.6: lp patch > 106236-09 SunOS 5.6_x86: lp patch > 107115-08 SunOS 5.7: LP patch > 107116-08 SunOS 5.7_x86: LP patch > 109320-04 SunOS 5.8: LP patch > 109321-04 SunOS 5.8_x86: LP patch > > Until these patches are released, ISS X-Force recommends that the in.lpd > daemon be disabled on all vulnerable systems. To disable the in.lpd daemon: > > 1. Change user to root. > 2. Open /etc/inetd.conf in any text editor. > 3. Search for the line beginning with ?printer?. > 4. Insert a coment, or ?#? character at the beginning of this line. > 5. Restart inetd. > > ISS X-Force recommends that all unused daemons or services be disabled > to prevent exposure to both known and unknown vulnerabilities. > > ISS X-Force will provide detection and assessment support for this > vulnerability in future X-Press Updates for ISS RealSecure and ISS > Internet Scanner. > > Additional Information: > > The Common Vulnerabilities and Exposures (CVE) project has assigned the > name CAN-2001-0353 to this issue. This is a candidate for inclusion in > the CVE list (<http://cve.mitre.org>), which standardizes names for > security problems. > > ______ > > About Internet Security Systems (ISS) > > Internet Security Systems is the leading global provider of security > management solutions for the Internet, protecting digital assets and > ensuring safe and uninterrupted e-business. With its industry-leading > intrusion detection and vulnerability assessment, remote managed > security services, and strategic consulting and education offerings, ISS > is a trusted security provider to more than 8,000 customers worldwide > including 21 of the 25 largest U.S. commercial banks and the top 10 U.S. > telecommunications companies. Founded in 1994, ISS is headquartered in > Atlanta, GA, with additional offices throughout North America and > international operations in Asia, Australia, Europe, Latin America and > the Middle East. For more information, visit the Internet Security > Systems web site at www.iss.net or call 888-901-7477. > > Copyright (c) 2001 Internet Security Systems, Inc. > > Permission is hereby granted for the redistribution of this Alert > electronically. It is not to be edited in any way without express > consent of the X-Force. If you wish to reprint the whole or any part of > this Alert in any other medium excluding electronic medium, please > e-mail xforceat_private for permission. > > Disclaimer > > The information within this paper may change without notice. Use of this > information constitutes acceptance for use in an AS IS condition. There > are NO warranties with regard to this information. In no event shall the > author be liable for any damages whatsoever arising out of or in > connection with the use or spread of this information. Any use of this > information is at the user's own risk. > > X-Force PGP Key available at: http://xforce.iss.net/sensitive.php > as well as on MIT's PGP key server and PGP.com's key server. > > Please send suggestions, updates, and comments to: X-Force > xforceat_private of Internet Security Systems, Inc. > -----BEGIN PGP SIGNATURE----- > Version: 2.6.3a > Charset: noconv > > iQCVAwUBOy/AazRfJiV99eG9AQGj6gP9HJegvRM72MLN8vRjNDQpqNxJ7nctC1nl > O5iIlYtGnu2wBb69IByu6/7L9Q6gOoI3lrxNAsXtyOariaWzlagVyyiq3jaK5eGT > NYvHIZfmJ1V7AIAtlsKglQ5gRSmNiYSIVjP9E+zXCMm/YKZt9LYE+LWPUxAQ2KZx > UZXuld28t2M= > =P4ho > -----END PGP SIGNATURE----- ------------- End Forwarded Message ------------- << All opinions expressed are mine, not the University's >> =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= David Foster National Center for Microscopy and Imaging Research Programmer/Analyst University of California, San Diego dfosterat_private Department of Neuroscience, Mail 0608 (858) 534-4583 http://ncmir.ucsd.edu/ =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= "The reasonable man adapts himself to the world; the unreasonable one persists in trying to adapt the world to himself. Therefore, all progress depends on the unreasonable." -- George Bernard Shaw
This archive was generated by hypermail 2b30 : Tue Jun 19 2001 - 20:18:10 PDT