Solaris netpr Buffer Overflow Vulnerability
BID:1200
Info
| Bugtraq ID: | 1200 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | May 12 2000 12:00AM |
| Updated: | May 12 2000 12:00AM |
| Credit: | This vulnerability was posted to the Bugtraq mailing list on May 12, 2000 by Anonymous <[email protected]> |
| Vulnerable: | Sun Solaris 8_x86, Sun Solaris 8_sparc, Sun Solaris 7.0_x86, Sun Solaris 7.0, Sun Solaris 2.6_x86, Sun Solaris 2.6 |
| Not Vulnerable: | |
Discussion
A buffer overrun exists in the 'netpr' program, part of the SUNWpcu (LP) package included with Solaris from Sun Microsystems. Versions of netpr on Solaris 2.6 and 7, on both SPARC and x86, have been confirmed vulnerable. The overflow is in the handling of the -p option, normally used to specify a printer. By supplying an overly long argument containing machine-executable code, it is possible to execute arbitrary commands as root. On SPARC, the exploits provided spawn a root shell, whereas on x86 the exploit creates a setuid root shell in /tmp.
Solution / Fix
Solution:
Checksums for these patches are available at: ftp://sunsolve.sun.com/pub/patches/CHECKSUMS
Sun Solaris 7.0_x86
Sun Solaris 2.6
Sun Solaris 7.0
Sun Solaris 8_x86
Sun Solaris 2.6_x86
Sun Solaris 8_sparc