HP-UX rlpdaemon vulnerability
Created 11/20/01
CVE 2001-0668
CAN 2001-0817
Impact
A remote attacker could execute arbitrary commands with root
privileges.
Background
By default, the HP-UX operating system is installed with
the Line Printer Daemon (rlpdaemon) running.
This service handles print requests from local and remote
users, similar to lpd on other types of Unix.
The Problem
8/29/01
CVE 2001-0668
A buffer overflow condition in rlpdaemon could
allow a remote attacker to execute arbitrary code with root
privileges by sending a specially crafted print request.
HP-UX versions 10.01 through 11.20 are affected by this vulnerability
if the appropriate patch has not been applied. HP-UX 10.24
and 11.04 (VVOS) are not affected.
11/20/01
CAN 2001-0817
Due to an unrelated logic flaw in rlpdaemon, a remote
attacker could also create or write to arbitrary files
and directories on the target system. In many cases, this
could easily be leveraged to gain full control of the system.
HP-UX 10.01 through 11.11 are affected by this vulnerability
if the appropriate patch has not been applied.
Resolution
If print service is not needed, disable rlpdaemon.
This can be done by finding the line in /etc/inetd.conf
which begins with the word printer and inserting
a pound sign (#) at the beginning of the line.
Be sure to restart the inetd process afterwards.
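The edit described above, as an added shell example that is not part of the original advisory. The function names and the sample file are constructed for illustration, and the sample printer entry is an assumed layout; the demo works on a temporary copy, not on /etc/inetd.conf.

```shell
#!/bin/sh
# Added example: comment out the "printer" service in an inetd.conf-format file.

# printer_enabled FILE: exit 0 if an uncommented line has "printer" as its
# first field (lines such as "#printer ..." do not count).
printer_enabled() {
    awk '$1 == "printer" { found = 1 } END { exit !found }' "$1"
}

# disable_printer FILE: keep FILE.bak, then prefix "#" to active printer lines.
disable_printer() {
    conf=$1
    printer_enabled "$conf" || return 0     # already disabled: change nothing
    cp -p "$conf" "$conf.bak" || return 1
    awk '$1 == "printer" { print "#" $0; next } { print }' \
        "$conf.bak" > "$conf.new" || return 1
    # Overwrite in place so the file keeps its owner and mode.
    cat "$conf.new" > "$conf" && rm -f "$conf.new"
}

# Constructed sample input (assumed entry layout, not taken from a real host).
make_sample() {
    cat > "$1" <<'EOF'
# constructed sample inetd.conf
ftp      stream tcp nowait root /usr/lbin/ftpd      ftpd -l
printer  stream tcp nowait root /usr/sbin/rlpdaemon rlpdaemon -i
#printer stream tcp nowait root /usr/sbin/rlpdaemon rlpdaemon -i
EOF
}

demo_dir=${TMPDIR:-/tmp}/inetd_demo.$$
mkdir -p "$demo_dir"
make_sample "$demo_dir/inetd.conf"
disable_printer "$demo_dir/inetd.conf"
grep -n 'printer' "$demo_dir/inetd.conf"    # every printer line now starts with "#"
rm -rf "$demo_dir"

# On the real host: run disable_printer /etc/inetd.conf as root, then make
# inetd re-read its configuration (on HP-UX: inetd -c).
```

Running disable_printer a second time leaves the file unchanged, so it is safe to use from a hardening script that runs repeatedly.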
If print service is required, the vulnerability can be fixed by applying the appropriate
patches for your version of HP-UX:
Patches for buffer overflow:
HP-UX 10.01: PHCO_24697
HP-UX 10.10: PHCO_24698
HP-UX 10.20: PHCO_24699
HP-UX 11.00: PHCO_24700
HP-UX 11.11: PHCO_24701
HP-UX 11.20: PHCO_24868
Patches for logic flaw:
HP-UX 10.01: PHCO_25107
HP-UX 10.10: PHCO_25108
HP-UX 10.20: PHCO_25109
HP-UX 11.00: PHCO_25110
HP-UX 11.11: PHCO_25111
Where can I read more about this?
The buffer overflow vulnerability was discussed in
X-Force advisory 93
and CIAC Bulletin L-134.
The logic flaw was discussed in
CERT Advisory 2001-32.