HP-UX Remote Line Printer Daemon Logic Flaw Vulnerability

Rlpdaemon is the line printer daemon that ships with HP-UX. It is intended to provide print-sharing capabilities over a network. It is installed by default on HP-UX systems and runs as superuser. Rlpdaemon is based on the original BSD Unix line printer daemon and is similar to the lpd incorporated into other Unix variants.

The HP-UX line printer daemon is prone to an issue which may allow a remote attacker to gain local access to a host running the vulnerable package.

This vulnerability may allow a remote attacker to make a specially crafted print request which is able to write to arbitrary files or create directories on the host.

This may result in the remote attacker gaining local access, potentially with elevated privileges.


 

Privacy Statement
Copyright 2010, SecurityFocus