The Line Printer daemon (lpd) shipped with AIX systems contains a buffer overflow in chk_fhost() that potentially allow a malicious remote user to gain root privileges.
A buffer overflow exists in the chk_fhost() function of the line printer daemon (lpd) on AIX systems. An intruder could exploit this vulnerability to obtain root privileges or cause a denial of service (DoS). The intruder would need control of the DNS server to exploit this vulnerability.
An intruder could exploit this vulnerability to obtain root privileges, or cause a denial of service (DoS).
IBM has released a VULNERABILITY SUMMARY. Please see the vendor statement for patches and instructions.
Vendor| Status| Date Notified| Date Updated
IBM| | -| 04 Oct 2001
Apple| | -| 09 Nov 2001
Caldera| | 04 Sep 2001| 01 Nov 2001
Cray| | -| 01 Nov 2001
Engarde| | -| 01 Nov 2001
FreeBSD| | -| 05 Nov 2001
Fujitsu| | -| 01 Nov 2001
Red Hat| | -| 08 Nov 2001
Sun| | -| 01 Nov 2001
Compaq Computer Corporation| | -| 05 Nov 2001
If you are a vendor and your product is affected, let us know.
Group | Score | Vector
Base | N/A | N/A
Temporal | N/A | N/A
Environmental | N/A | N/A
The CERT/CC wishes to thank IBM for their help in identifying and analyzing this vulnerability.
This document was written by Jason Rafail.