Cisco IOS Line Printer Daemon (LPD) Stack Overflow

high Nessus Plugin ID 17791

Synopsis

The remote device is missing a vendor-supplied security patch.

Description

On October 10 2007, Cisco released a security response for a vulnerability in the Line Printer Daemon (LPD) in IOS. Exploitation of this vulnerability could result in arbitrary code execution. This plugin checks if the appropriate fix for the advisory has been installed.

Solution

Upgrade to IOS version 12.2(18)SXF11, 12.4(16a), 12.4(2)T6 or greater.

See Also

http://www.cisco.com/en/US/products/csr/cisco-sr-20071010-lpd.html

Plugin Details

Severity: High

ID: 17791

File Name: cisco-sr-20071010-lpd.nasl

Version: 1.11

Type: combined

Family: CISCO

Published: 1/10/2012

Updated: 7/6/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 7.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/o:cisco:ios

Required KB Items: Host/Cisco/IOS/Version

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 1/24/2007

Vulnerability Publication Date: 1/24/2007

Reference Information

CVE: CVE-2007-5381

BID: 26001

CWE: 119

CERT: 230505

CISCO-SR: cisco-sr-20071010-lpd

CISCO-BUG-ID: CSCsj86725