Signature Detail
Short Name |
LPD:LDP-CMD-INJ |
|---|---|
Severity |
Medium |
Recommended |
No |
Category |
LPD |
Keywords |
Command Injection |
Release Date |
2011/11/22 |
Update Number |
2034 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
LPD: Command Injection
This signature detects attempts to inject shell commands into a packet sent to an LPD server.
Extended Description
The 'lpsched' utility in IRIX is prone to a remote shell command-execution vulnerability. Successfully exploiting this issue can allow arbitrary commands to run in the context of the affected user.
Affected Products
- SGI IRIX 6.5.0
- SGI IRIX 6.5.1
- SGI IRIX 6.5.10 f
- SGI IRIX 6.5.10 m
- SGI IRIX 6.5.11 f
- SGI IRIX 6.5.11 m
- SGI IRIX 6.5.12 f
- SGI IRIX 6.5.12 m
- SGI IRIX 6.5.13 f
- SGI IRIX 6.5.13 m
- SGI IRIX 6.5.2 f
- SGI IRIX 6.5.2 m
- SGI IRIX 6.5.3 f
- SGI IRIX 6.5.3 m
- SGI IRIX 6.5.4 f
- SGI IRIX 6.5.4 m
- SGI IRIX 6.5.5 f
- SGI IRIX 6.5.5 m
- SGI IRIX 6.5.6 f
- SGI IRIX 6.5.6 m
- SGI IRIX 6.5.7 f
- SGI IRIX 6.5.7 m
- SGI IRIX 6.5.8 f
- SGI IRIX 6.5.8 m
- SGI IRIX 6.5.9 f
- SGI IRIX 6.5.9 m
References
- CVE: CVE-2001-0800