CVE 2001-0670
Due to a buffer overflow in the part of the code which processes
print requests, a remote attacker could execute arbitrary code on
the server with root privileges by sending a
specially crafted, incomplete print
job to the printer service,
and then requesting a display of the printer queue.
IRIX 6.5 through 6.5.13 are affected by this vulnerability.
In order for this vulnerability to be exploited, the following conditions must exist:
11/22/02
4/16/03
A vulnerability in lpd could allow a remote
attacker to send options to Sendmail. By sending an option
which specifies another configuration file, the attacker could
gain root access to the server. IRIX 6.5 through 6.5.19
are affected by this vulnerability.
11/22/02
4/16/03
Due to a flaw in the line printer daemon's hostname authentication
function, a remote attacker who would otherwise be denied
access to the print server could gain access by falsifying
the DNS record of the attacking host such that it resolves
to the same host name as the print server. This vulnerability
could be used in conjunction with other vulnerabilities to
gain root access from a host which is not listed in
/etc/hosts.equiv or /etc/hosts.lpd.
Exploitation of this vulnerability would require the attacker to
have control of his or her own DNS server.
IRIX 6.5 through 6.5.19 are affected by this vulnerability.
kill -9 <pid>where <pid> is the process ID. Also, modify the boot-up scripts so that the print service does not start again when the machine is rebooted.
If print service is required, then a patch should be applied as soon as possible. Check SGI Security Advisory 20030406-01-P for patch information. It would also be advisable to allow access only to trusted hosts. This can be done by modifying the /etc/hosts.equiv and /etc/hosts.lpd files such that they only contain a list of trusted hosts.