Solaris lp -d Option Buffer Overflow Vulnerability
BID:1143
Info
Solaris lp -d Option Buffer Overflow Vulnerability
| Bugtraq ID: | 1143 |
| Class: | Unknown |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | Apr 24 2000 12:00AM |
| Updated: | Apr 24 2000 12:00AM |
| Credit: | This vulnerability was posted to the Bugtraq mailing list by Theodor Ragnar Gislason <[email protected]> on April 24, 2000. |
| Vulnerable: |
Sun Solaris 7.0_x86 Sun Solaris 7.0 Sun Solaris 2.6_x86 Sun Solaris 2.6 |
| Not Vulnerable: |
Sun Solaris 8_x86 Sun Solaris 8_sparc |
Discussion
Solaris lp -d Option Buffer Overflow Vulnerability
A buffer overrun has been discovered in the lp program, as included with Sun's Solaris 7 operating system. By passing well crafted, machine executable code of sufficient length to the -d option of lp, it becomes possible to execute arbitrary code as root.
A buffer overrun has been discovered in the lp program, as included with Sun's Solaris 7 operating system. By passing well crafted, machine executable code of sufficient length to the -d option of lp, it becomes possible to execute arbitrary code as root.
Exploit / POC
Solaris lp -d Option Buffer Overflow Vulnerability
An exploit has been made available.
An exploit has been made available.
Solution / Fix
Solaris lp -d Option Buffer Overflow Vulnerability
Solution:
Removal of the setuid bit will eliminate this vulnerability, but will prevent printing from working properly.
Sun Solaris 7.0_x86
Sun Solaris 2.6
Sun Solaris 7.0
Sun Solaris 2.6_x86
Solution:
Removal of the setuid bit will eliminate this vulnerability, but will prevent printing from working properly.
Sun Solaris 7.0_x86
Sun Solaris 2.6
Sun Solaris 7.0
Sun Solaris 2.6_x86
References
Solaris lp -d Option Buffer Overflow Vulnerability
References:
References: