Detections
Analytics

Solaris in.lpd Crafted Job Request Arbitrary Remote Command Execution

critical Nessus Plugin ID 11513

Language:

Synopsis

The remote lpd daemon is vulnerable to arbitrary command execution.

Description

The remote lpd daemon is vulnerable to an environment error that could allow an attacker to execute arbitrary commands on this host.

Nessus uses this vulnerability to retrieve the password file of the remote host although any command could be executed.

Solution

None at this time. Disable this service.

See Also

http://seclists.org/bugtraq/2001/Aug/437

Plugin Details

Severity: Critical

ID: 11513

File Name: solaris_lpd_env_cmd_exec.nasl

Version: 1.28

Type: remote

Published: 4/3/2003

Updated: 1/14/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 8/31/2001

Exploitable With

CANVAS (CANVAS)

Metasploit (Solaris LPD Command Execution)

Reference Information

CVE: CVE-2001-1583

BID: 3274