{"vuid":"VU#638011","idnumber":"638011","name":"HP-UX Line Printer Daemon Vulnerable to Directory Traversal","keywords":["HP-UX","line printer daemon","rlpdaemon","crafted print request","arbitrary command execution","remote logic flaw"],"overview":"A remotely exploitable directory traversal vulnerability exists in the HP-UX line printer daemon.","clean_desc":"The line printer daemon (rlpdaemon) enables various clients to share printers over a network. By sending a specially crafted print request to an HP-UX host running the rlpdaemon, a local or remote attacker can create arbitrary files or directories on the target host. Intruders may find this vulnerability attractive to exploit because the line printer daemon is enabled by default to provide printing services.","impact":"An attacker may be able to execute arbitrary code on the target system with the privileges of the line printer daemon, typically superuser.","resolution":"Contact HP for patches.","workarounds":"Workaround Disable the line printer daemon until a patch can be applied.","sysaffected":"","thanks":"This vulnerability was discovered and researched by Mark Dowd and Kris Hunt of \nInternet Security Systems (ISS)\n. The CERT/CC thanks ISS for the information contained in their advisory.","author":"This document was written by Ian A. Finlay.","public":["http://xforce.iss.net/alerts/advise102.php","http://xforce.iss.net/static/7234.php","http://cve.mitre.org/cgi-bin/cvename.cgi?name=0817","http://archives.neohapsis.com/archives/hp/2001-q4/0047.html","http://www.securityfocus.com/bid/3561"],"cveids":["CVE-2001-0817"],"certadvisory":"CA-2001-32","uscerttechnicalalert":null,"datecreated":"2001-11-20T21:26:20Z","publicdate":"2001-11-20T00:00:00Z","datefirstpublished":"2001-11-21T15:20:01Z","dateupdated":"2001-12-06T19:36:10Z","revision":46,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"17","cam_exploitation":"0","cam_internetinfrastructure":"10","cam_population":"15","cam_impact":"20","cam_easeofexploitation":"15","cam_attackeraccessrequired":"18","cam_scorecurrent":"41.00625","cam_scorecurrentwidelyknown":"45.5625","cam_scorecurrentwidelyknownexploited":"75.9375","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":41.00625,"vulnote":null}