August 30, 2001

BSD lpd remote buffer overflow

Author: JT Smith

Posted at Help Net Security: "The vulnerability presents itself when an attacker submits a specially- crafted,
incomplete print job. An attacker can subsequently request a display of the printer
queue to trigger a buffer overflow. A static buffer overflow condition exists in the
functionality that parses the attacker's first request. Attackers may use this overflow to
execute arbitrary commands on the system, or spawn an interactive shell and then
navigate the filesystem. After the attacker successfully exploits the buffer overflow, all
commands are executed with superuser privilege."

Category:

  • Linux
Click Here!