11/6/01
CAN 2001-0671
By exploiting any one of three unrelated buffer overflows in
the AIX line printer daemon,
a remote attacker could execute arbitrary code on
the server with root privileges or cause the service
to crash. In order to exploit two of the buffer overflows,
the attacker's host would need to be granted permission to use
the printer service. The
/etc/hosts.equiv and /etc/hosts.lpd
files contain a list of hosts which are allowed to use the
service. In order to exploit the third buffer overflow, the
attacker would need to have control of the victim's DNS server.
AIX versions 5.1 and earlier are affected by these vulnerabilities.
11/6/01
Due to a flaw in the line printer daemon's hostname authentication
function, a remote attacker who would otherwise be denied access
to the print server could gain access by falsifying the DNS record
of the attacking host such that it resolves to the same host name
as the print server. This vulnerability could be used in
conjunction with other vulnerabilities to gain root access from
a host which is not listed in /etc/hosts.equiv or
/etc/hosts.lpd. Exploitation of this vulnerability
would require the attacker to have control of his or her own
DNS server.
AIX versions 5.1 and earlier are affected by this vulnerability.
kill -9 <pid> where <pid> is the process ID. Also, modify the boot-up scripts so that the print service does not start again when the machine is rebooted.
If the print service is required, then a patch should be applied as soon as possible. Check the IBM Security Advisory for patch information. It is also advisable to allow access only to trusted hosts. This can be done by modifying the /etc/hosts.equiv and /etc/hosts.lpd files so that they contain only a list of trusted hosts.
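One way to check that /etc/hosts.equiv and /etc/hosts.lpd list only trusted hosts, as an added example that is not part of the original advisory or IBM's material. The function name audit_trust_file, the allowlist file, the host names and the entry syntax described in the comments are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit lpd trust files against an admin-supplied allowlist.
# Assumed entry syntax: one host per line, '#' comments, a bare '+' meaning
# "any host", '+@name' for a netgroup, a leading '-' for a deny entry.

# audit_trust_file ALLOWLIST FILE
# Prints "<file>:<line>: <finding>: <entry>" for each entry needing attention.
audit_trust_file() {
    awk '
        function report(msg, entry) {
            printf "%s:%d: %s: %s\n", FILENAME, FNR, msg, entry
        }
        { sub(/#.*/, "") }                 # strip comments
        $1 == "" { next }                  # skip blank lines
        FILENAME == ARGV[1] {              # first file: trusted host names
            trusted[tolower($1)] = 1; next
        }
        {
            host = tolower($1)
            if (host ~ /^-/) next          # deny entries grant nothing
            if (host == "+") { report("wildcard trusts every host", $1); next }
            if (host ~ /^\+@/) { report("netgroup needs manual review", $1); next }
            sub(/^\+/, "", host)           # "+name" is treated as "name"
            if (!(host in trusted)) report("host not on allowlist", $1)
        }
    ' "$1" "$2"
}

# Demo on constructed data (hypothetical host names, not from a real system).
demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' 'print1.example.com' 'print2.example.com' > "$dir/allow"
    printf '%s\n' '# constructed sample' 'print1.example.com' '+' \
        'Print2.Example.Com  # case differs' 'lab7.example.com' \
        '+@printers' '-old.example.com' > "$dir/hosts.lpd"
    audit_trust_file "$dir/allow" "$dir/hosts.lpd"
    rm -rf "$dir"
}
demo
```

On a real system, run audit_trust_file once for each of the two files; any output line is an entry to remove or justify.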