By specifying a long buffer containing machine executable code, it is possible to execute arbitrary commands as root. On Sparc, the exploits provided will spawn a root shell, whereas on x86 it will create a setuid root shell in /tmp.
As of this writing, patches are not available to the general public. Removal of the setuid bit on the /usr/lib/lp/bin/netpr program will eliminate this vulnerability. This may prevent some portions of the network printing subsystem from working.