Printer (SunOS) Version


Summary

SARA detected a printer daemon but cannot determine the operating system. If the identified host is a SunOS 2.5 or 2.6 system, the printer daemon may be vulnerable. If not, then the daemon is OK. The tutorial below assumes that the host is a SunOS. A buffer overrun exists in the 'netpr' program, part of the SUNWpcu (LP) package included with Solaris, from Sun Microsystems. Versions of netpr on Solaris 2.6 and 7.

The problem

By specifying a long buffer containing machine executable code, it is possible to execute arbitrary commands as root. On Sparc, the exploits provided will spawn a root shell, whereas on x86 it will create a setuid root shell in /tmp.

Fix

As of this writing, patches are not available to the general public. Removal of the setuid bit on the /usr/lib/lp/bin/netpr program will eliminate this vulnerability. This may prevent some portions of the network printing subsystem from working.

Reference(s):