BSD lp daemon allows remote users to gain privileges
| bsd-lpd (568) |  High Risk |
Description:
Several vulnerabilities exist in the line printer daemon (lpd) that, given a number of existing conditions, allows remote users to create and remove files.
In addition, remote users can use vulnerabilities in FTP (the FTP bounce vulnerability) to execute commands and obtain a shell with the privileges of the user running lpd.
Consequences:
Gain Privileges
Remedy:
Modify the print daemon to reject connections from ftp (data port 20).
— AND —
Install an FTP daemon that prevents ftp bounce. This FTP daemon should be installed on all print clients to prevent non-root users from obtaining a privileged port to connect to the print daemon.
Upgrade to the latest version of wu-ftpd (2.6.1 or later), available from the WU-FTPD Web site. See References./P>
References:
- Network Associates, Inc. COVERT Labs Security Advisory #20, October 2, 1997: BSD lpd vulnerabilities. (From Packet Storm archive)
- WU-FTPD Web site: WU-FTPD Development Group.
- CVE-1999-0061: File creation and deletion, and remote execution, in the BSD line printer daemon (lpd).
Platforms Affected:
- FreeBSD FreeBSD
- Linux Kernel
- OpenBSD OpenBSD 2.1
- WindRiver BSDOS
Reported:
Oct 01, 1997
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net