{"vuid":"VU#274043","idnumber":"274043","name":"BSD Line Printer Daemon vulnerable to buffer overflow via crafted print request","keywords":["BSD Line Printer Daemon","buffer overflow","crafted print request","in.lpd","lpd"],"overview":"The line printer daemon enables various clients to share printers over a network. There exists a buffer overflow vulnerability in this daemon that permits remote execution of arbitrary commands with elevated privileges.","clean_desc":"There is a buffer overflow in several implementations of in.lpd, a BSD line printer daemon. An intruder can send a specially crafted print job to the target and then request a display of the print queue to trigger the buffer overflow. The intruder may be able use this overflow to execute arbitrary commands on the system with superuser privileges. The line printer daemon must be enabled and configured properly in order for an intruder to exploit this vulnerability. This is, however, trivial as the line printer daemon is commonly enabled to provide printing functionality. In order to exploit the buffer overflow, the intruder must launch his attack from a system that is listed in the \"/etc/hosts.equiv\" or \"/etc/hosts.lpd\" file of the target system.","impact":"An intruder can remotely execute arbitrary commands on the system with the privileges of the line printer daemon, usually root or a superuser.","resolution":"Apply a patch, if available, from your vendor.","workarounds":"Disable the line printer daemon if there is not a patch available from your vendor.","sysaffected":"","thanks":"This vulnerability was discovered and researched by Mark Dowd of Internet Security Systems (ISS). The CERT/CC wishes to thank ISS for the information contained in their advisory.","author":"This document was written by Jason Rafail.","public":["http://xforce.iss.net/alerts/advise94.php","http://www.securityfocus.com/bid/3252","http://www.BSDI.COM/services/support/patches/patches-4.1/M410-044","http://www.openbsd.com/errata.html","http://www.netbsd.org/security","http://www.freebsd.org/security"],"cveids":["CVE-2001-0670"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2001-08-29T20:57:18Z","publicdate":"2001-08-28T00:00:00Z","datefirstpublished":"2001-09-10T15:18:15Z","dateupdated":"2001-11-30T14:25:15Z","revision":12,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"20","cam_exploitation":"0","cam_internetinfrastructure":"18","cam_population":"20","cam_impact":"19","cam_easeofexploitation":"17","cam_attackeraccessrequired":"7","cam_scorecurrent":"32.21925","cam_scorecurrentwidelyknown":"32.21925","cam_scorecurrentwidelyknownexploited":"49.17675","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":32.21925,"vulnote":null}