Signature Detail
This site is deprecated. Please CLICK HERE for latest updates
Short Name |
LPR:ARB-FILE-UNLINK |
|---|---|
Severity |
Major |
Recommended |
No |
Recommended Action |
Drop |
Category |
LPR |
Keywords |
Sun Solaris Printd Daemon Arbitrary File Deletion |
Release Date |
2005/09/01 |
Update Number |
1213 |
Supported Platforms |
di-5.3+, idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
LPR: Sun Solaris Printd Daemon Arbitrary File Deletion
This signature detects LPD connections containing crafted control files. An attacker can send lpr requests containing invalid characters, which if successful, can delete an arbitrary file from the target system resulting in data loss or a system crash.
Extended Description
Sun Solaris printd is affected by an arbitrary file deletion vulnerability. It was reported that a remote or local attacker can delete arbitrary files on a computer with the privileges of printd. If an attacker is able to delete sensitive files, this issue may lead to a denial of service condition.
Affected Products
- Avaya cms_server 11.0.0
- Avaya cms_server 12.0.0
- Avaya cms_server 13.0.0
- Avaya cms_server 8.0.0
- Avaya cms_server 9.0.0
- Avaya interactive_response 1.2.1
- Avaya interactive_response 1.3.0
- Avaya interactive_response
- Sun solaris 10 Sparc
- Sun solaris 10 X86
- Sun solaris 7.0
- Sun solaris 7.0_x86
- Sun solaris 8 Sparc
- Sun solaris 8 X86
- Sun solaris 9 Sparc
- Sun solaris 9 X86
- Sun solaris 9 X86 Update 2
References