Signature Detail
Short Name |
LPR:ARB-FILE-UNLINK |
|---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
LPR |
Keywords |
Sun Solaris Printd Daemon Arbitrary File Deletion |
Release Date |
2005/09/01 |
Update Number |
1213 |
Supported Platforms |
di-5.3+, idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
LPR: Sun Solaris Printd Daemon Arbitrary File Deletion
This signature detects LPD connections containing crafted control files. An attacker can send lpr requests containing invalid characters, which if successful, can delete an arbitrary file from the target system resulting in data loss or a system crash.
Extended Description
Sun Solaris printd is affected by an arbitrary file deletion vulnerability. It was reported that a remote or local attacker can delete arbitrary files on a computer with the privileges of printd. If an attacker is able to delete sensitive files, this issue may lead to a denial of service condition.
Affected Products
- Avaya CMS Server 11.0.0
- Avaya CMS Server 12.0.0
- Avaya CMS Server 13.0.0
- Avaya CMS Server 8.0.0
- Avaya CMS Server 9.0.0
- Avaya Interactive Response 1.2.1
- Avaya Interactive Response 1.3.0
- Avaya Interactive Response
- Sun Solaris 10 Sparc
- Sun Solaris 10 X86
- Sun Solaris 7.0
- Sun Solaris 7.0_x86
- Sun Solaris 8 Sparc
- Sun Solaris 8 X86
- Sun Solaris 9 Sparc
- Sun Solaris 9 X86
- Sun Solaris 9 X86 Update 2
References