Solaris in.lpd Crafted Job Request Arbitrary Remote Command Execution

This script is Copyright (C) 2003-2011 Tenable Network Security, Inc.


Synopsis :

The remote lpd daemon is vulnerable to arbitrary command execution.

Description :

The remote lpd daemon is vulnerable to an environment error that could allow an attacker to execute arbitrary commands on this host.

Nessus uses this vulnerability to retrieve the password file of the remote host, although any command could be executed.

See also :

http://archives.neohapsis.com/archives/bugtraq/2001-08/0429.html

Solution :

None at this time. Disable this service.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 9.5
(CVSS2#E:F/RL:U/RC:ND)
Public Exploit Available : true

Family: Gain a shell remotely

Nessus Plugin ID: 11513

Bugtraq ID: 3274

CVE ID: CVE-2001-1583