Solaris lpset -r Buffer Overflow Vulnerability

Solution:
Sun has made the following patches available from http://sunsolve.sun.com/securitypatch:

SunOS 5.8 109320-01
SunOS 5.8_x86 109321-01
SunOS 5.7 107115-05
SunOS 5.7_x86 107115-05
SunOS 5.6 106235-06
SunOS 5.6_x86 106236-06

Checksums are available at: ftp://sunsolve.sun.com/pub/patches/CHECKSUMS

Removal of the setuid bit on the lpset executable will remove this problem. As this program is intended to only be runable by root, and members of the 'sysadmin' group (group14), removal of this bit should not have a significant impact.



 

Privacy Statement
Copyright 2010, SecurityFocus