Author: JT Smith
Posted at Help Net Security: “The vulnerability presents itself when an attacker submits a specially- crafted,
incomplete print job. An attacker can subsequently request a display of the printer
queue to trigger a buffer overflow. A static buffer overflow condition exists in the
functionality that parses the attacker’s first request. Attackers may use this overflow to
execute arbitrary commands on the system, or spawn an interactive shell and then
navigate the filesystem. After the attacker successfully exploits the buffer overflow, all
commands are executed with superuser privilege.”
incomplete print job. An attacker can subsequently request a display of the printer
queue to trigger a buffer overflow. A static buffer overflow condition exists in the
functionality that parses the attacker’s first request. Attackers may use this overflow to
execute arbitrary commands on the system, or spawn an interactive shell and then
navigate the filesystem. After the attacker successfully exploits the buffer overflow, all
commands are executed with superuser privilege.”
Category:
- Linux
