IRIX lpsched Long Argument Local Overflow

2001-09-01T00:00:00
ID OSVDB:8572
Type osvdb
Reporter Last Stage of Delirium Research Group (contact@lsd-pl.net)
Modified 2001-09-01T00:00:00

Description

Vulnerability Description

A remote overflow exists in IRIX. lpsched fails to check bounds, resulting in a buffer overflow. With a specially crafted request, an attacker can execute arbitrary code on the system with root privileges, resulting in a loss of integrity.

Solution Description

Silicon Graphics, Inc. has released patches to address this issue. Additionally, it is possible to correct the flaw by implementing the following workaround, which removes the printing subsystems:

    /etc/init.d/bsdlpr stop
    /etc/init.d/lp stop
    versions remove print.sw.*

References:

Vendor URL: http://www.sgi.com
Vendor Specific Solution URL: ftp://patches.sgi.com/support/free/security/patches/
Vendor Specific Advisory URL
ISS X-Force ID: 7641
CVE-2001-0799