lpd allows options to be passed to sendmail

2001-10-16T00:00:00
ID VU:39001
Type cert
Reporter CERT
Modified 2001-11-09T00:00:00

Description

Overview

The line printer daemon enables various clients to share printers over a network. There exists a vulnerability in this daemon that permits an intruder to send options to sendmail.

Description

The line printer daemon enables various clients to share printers over a network. There exists a vulnerability in this daemon that permits an intruder to send options to sendmail. These options could be used to specify another configuration file allowing an intruder to gain root access.


Impact

An intruder may be able to gain root access. In conjunction with another vulnerability (e.g., VU#30308), this can be exploited from hosts not normally authorized to use the lpd service.


Solution

Apply the patches, if available, from your vendor.


Systems Affected

Vendor| Status| Date Notified| Date Updated
---|---|---|---
Debian| | -| 04 Oct 2001
MandrakeSoft| | 04 Oct 2001| 30 Oct 2001
Red Hat Inc.| | -| 04 Oct 2001
Sun Microsystems Inc.| | -| 31 Jul 2002
Caldera| | 04 Sep 2001| 30 Oct 2001
Cray Inc.| | -| 30 Oct 2001
Engarde| | -| 30 Oct 2001
FreeBSD| | -| 05 Nov 2001
Fujitsu| | -| 31 Oct 2001
IBM| | -| 30 Oct 2001
Apple Computer Inc.| | -| 09 Nov 2001
Compaq Computer Corporation| | -| 05 Nov 2001
If you are a vendor and your product is affected, let us know.

CVSS Metrics

Group | Score | Vector
---|---|---
Base | N/A | N/A
Temporal | N/A | N/A
Environmental | N/A | N/A

References

  • <http://www.kb.cert.org/vuls/id/30308>
  • <http://www.atstake.com/research/advisories/2000/lpd_advisory.txt>
  • <http://www.redhat.com/support/errata/RHSA2000002-01.6.0.html>
  • <http://www.debian.org/security/2000/20000109>

Credit

The CERT/CC would like to thank @Stake, Red Hat and Debian for the information provided in their security advisories.

This document was written by Jason Rafail.

Other Information

  • CVE IDs: Unknown
  • Date Public: 08 Jan 2000
  • Date First Published: 16 Oct 2001
  • Date Last Updated: 09 Nov 2001
  • Severity Metric: 14.06
  • Document Revision: 13