NeXTstep "npd" program could allow an attacker to gain root privileges

nextstep-npd-root-access (7143) The risk level is classified as High Risk

Description:

NeXTstep could allow a remote attacker to gain elevated system privileges, caused by a vulnerability in the '/usr/lib/NextPrinter/npd' program. On systems that have publicly accessible printers and weak directory permissions, a remote attacker could use this vulnerability to gain root privileges.


Consequences:

Gain Privileges

Remedy:

Upgrade to a more secure version of 'lpd' and change the permissions of directories on the system that are currently owned by and writable by group "wheel", as listed in CERT Advisory CA-1990-06. See References.

References:

  • CERT Advisory CA-1990-06: NeXT's System Software.
  • CIAC Information Bulletin B-01: Security Problem on the NeXT Operating System.
  • BID-10: NeXTstep npd Vulnerability
  • CVE-1999-1391: Vulnerability in NeXT 1.0a and 1.0 with publicly accessible printers allows local users to gain privileges via a combination of the npd program and weak directory permissions.
  • OSVDB ID: 8768: NeXTstep npd Local Privilege Escalation

Platforms Affected:

  • NeXT NeXTstep 1.0 and 1.0a

Reported:

Oct 03, 1990

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@us.ibm.com
