Solaris in.lpd Crafted Job Request Arbitrary Remote Command Execution

Critical Nessus Plugin ID 11513


The remote lpd daemon is vulnerable to arbitrary command execution.


The remote lpd daemon is vulnerable to an environment error that could allow an attacker to execute arbitrary commands on this host.

Nessus uses this vulnerability to retrieve the password file of the remote host although any command could be executed.


None at this time. Disable this service.

See Also

Plugin Details

Severity: Critical

ID: 11513

File Name: solaris_lpd_env_cmd_exec.nasl

Version: $Revision: 1.23 $

Type: remote

Published: 2003/04/03

Modified: 2016/12/09

Dependencies: 17975

Risk Information

Risk Factor: Critical


Base Score: 10

Temporal Score: 9.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:U/RC:ND

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 2001/08/31

Exploitable With


Metasploit (Solaris LPD Command Execution)

Reference Information

CVE: CVE-2001-1583

BID: 3274

OSVDB: 15131