15 lines
No EOL
883 B
Text
15 lines
No EOL
883 B
Text
source: http://www.securityfocus.com/bid/3274/info
|
|
|
|
The print protocol daemon, 'in.lpd' (or 'lpd'), shipped with Solaris may allow for remote attackers to execute arbitrary commands on target hosts with superuser privileges.
|
|
|
|
The alleged vulnerability is not the buffer overflow discovered by ISS.
|
|
|
|
It has been reported that it is possible to execute commands on target hosts through lpd by manipulating the use of sendmail by the daemon.
|
|
|
|
If this vulnerability is successfully exploited, remote attackers can execute any command on the target host with superuser privileges.
|
|
|
|
This vulnerability is very similar to one mentioned in NAI advisory NAI-0020.
|
|
|
|
NOTE: It has been reported that a valid printer does NOT need to be configured to exploit this vulnerability.
|
|
|
|
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/21097.tar.gz |