Date: Tue, 19 Jun 2001 17:06:43 -0700 (PDT)
From: David Foster <[email protected]>
To: [email protected]Subject: Remote Buffer Overflow Vulnerability in Solaris Print Protocol Daemon
X-Force wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
>
> Internet Security Systems Security Advisory
> June 19, 2001
>
> Remote Buffer Overflow Vulnerability in Solaris Print Protocol Daemon
>
> Synopsis:
>
> ISS X-Force has discovered a buffer overflow in the Solaris line printer
> daemon (in.lpd) that may allow a remote or local attacker to crash the
> daemon or execute arbitrary code with super user privilege. This daemon
> runs with root privileges by default on all current Solaris versions.
>
> Impact:
>
> Solaris installs the in.lpd line printer software by default. This
> vulnerability may allow a remote attacker to execute arbitrary commands
> without restriction. No local access to the target system is required
> to exploit this vulnerability.
>
> Affected Versions:
>
> Solaris 2.6
> Solaris 2.6 x86
> Solaris 7
> Solaris 7 x86
> Solaris 8
> Solaris 8 x86
>
> Description:
>
> The Solaris BSD print protocol daemon provides an interface for remote
> users to interact with a local printer. The in.lpd daemon listens on
> the network for remote requests on port 515. By listening for remote
> requests, there is an opportunity for a malicious user to exploit this
> vulnerability remotely. The in.lpd daemon provides extensive
> functionality to network users who intend to print documents over a
> network. There is a flaw in the ?transfer job? routine, which may
> allow attackers to overflow an unchecked buffer. Attackers may exploit
> this vulnerability to crash the printer daemon, or execute arbitrary
> code as super user on a target system.
>
> All current versions of Solaris install and enable the in.lpd daemon
> by default.
>
> Recommendations:
>
> Sun Microsystems has informed ISS X-Force that patches are in
> development and will be made available in July.
>
> Sun Microsystems has provided ISS X-Force with following patch
> information. ISS X-Force recommends installing a patch for this
> vulnerability when they are made available.
>
> 106235-09 SunOS 5.6: lp patch
> 106236-09 SunOS 5.6_x86: lp patch
> 107115-08 SunOS 5.7: LP patch
> 107116-08 SunOS 5.7_x86: LP patch
> 109320-04 SunOS 5.8: LP patch
> 109321-04 SunOS 5.8_x86: LP patch
>
> Until these patches are released, ISS X-Force recommends that the in.lpd
> daemon be disabled on all vulnerable systems. To disable the in.lpd daemon:
>
> 1. Change user to root.
> 2. Open /etc/inetd.conf in any text editor.
> 3. Search for the line beginning with ?printer?.
> 4. Insert a coment, or ?#? character at the beginning of this line.
> 5. Restart inetd.
>
> ISS X-Force recommends that all unused daemons or services be disabled
> to prevent exposure to both known and unknown vulnerabilities.
>
> ISS X-Force will provide detection and assessment support for this
> vulnerability in future X-Press Updates for ISS RealSecure and ISS
> Internet Scanner.
>
> Additional Information:
>
> The Common Vulnerabilities and Exposures (CVE) project has assigned the
> name CAN-2001-0353 to this issue. This is a candidate for inclusion in
> the CVE list (<http://cve.mitre.org>;), which standardizes names for
> security problems.
>
> ______
>
> About Internet Security Systems (ISS)
>
> Internet Security Systems is the leading global provider of security
> management solutions for the Internet, protecting digital assets and
> ensuring safe and uninterrupted e-business. With its industry-leading
> intrusion detection and vulnerability assessment, remote managed
> security services, and strategic consulting and education offerings, ISS
> is a trusted security provider to more than 8,000 customers worldwide
> including 21 of the 25 largest U.S. commercial banks and the top 10 U.S.
> telecommunications companies. Founded in 1994, ISS is headquartered in
> Atlanta, GA, with additional offices throughout North America and
> international operations in Asia, Australia, Europe, Latin America and
> the Middle East. For more information, visit the Internet Security
> Systems web site at www.iss.net or call 888-901-7477.
>
> Copyright (c) 2001 Internet Security Systems, Inc.
>
> Permission is hereby granted for the redistribution of this Alert
> electronically. It is not to be edited in any way without express
> consent of the X-Force. If you wish to reprint the whole or any part of
> this Alert in any other medium excluding electronic medium, please
> e-mail [email protected] for permission.
>
> Disclaimer
>
> The information within this paper may change without notice. Use of this
> information constitutes acceptance for use in an AS IS condition. There
> are NO warranties with regard to this information. In no event shall the
> author be liable for any damages whatsoever arising out of or in
> connection with the use or spread of this information. Any use of this
> information is at the user's own risk.
>
> X-Force PGP Key available at: http://xforce.iss.net/sensitive.php
> as well as on MIT's PGP key server and PGP.com's key server.
>
> Please send suggestions, updates, and comments to: X-Force
> [email protected] of Internet Security Systems, Inc.
> -----BEGIN PGP SIGNATURE-----
> Version: 2.6.3a
> Charset: noconv
>
> iQCVAwUBOy/AazRfJiV99eG9AQGj6gP9HJegvRM72MLN8vRjNDQpqNxJ7nctC1nl
> O5iIlYtGnu2wBb69IByu6/7L9Q6gOoI3lrxNAsXtyOariaWzlagVyyiq3jaK5eGT
> NYvHIZfmJ1V7AIAtlsKglQ5gRSmNiYSIVjP9E+zXCMm/YKZt9LYE+LWPUxAQ2KZx
> UZXuld28t2M=
> =P4ho
> -----END PGP SIGNATURE-----
------------- End Forwarded Message -------------
<< All opinions expressed are mine, not the University's >>
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
David Foster National Center for Microscopy and Imaging Research
Programmer/Analyst University of California, San Diego
[email protected] Department of Neuroscience, Mail 0608
(858) 534-4583 http://ncmir.ucsd.edu/
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
"The reasonable man adapts himself to the world; the unreasonable one
persists in trying to adapt the world to himself. Therefore, all progress
depends on the unreasonable." -- George Bernard Shaw
