Cisco IOS Line Printer Daemon (LPD) Stack Overflow

This script is (C) 2012-2014 Tenable Network Security, Inc.


Synopsis :

The remote device is missing a vendor-supplied security patch.

Description :

On October 10 2007, Cisco released a security response for a
vulnerability in the Line Printer Daemon (LPD) in IOS. Exploitation
of this vulnerability could result in arbitrary code execution. This
plugin checks if the appropriate fix for the advisory has been
installed.

See also :

http://www.cisco.com/en/US/products/csr/cisco-sr-20071010-lpd.html

Solution :

Upgrade to IOS version 12.2(18)SXF11, 12.4(16a), 12.4(2)T6 or greater.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.3
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true

Family: CISCO

Nessus Plugin ID: 17791 ()

Bugtraq ID: 26001

CVE ID: CVE-2007-5381