Printer (SunOS) Version


A buffer overrun exists in the 'netpr' program, part of the SUNWpcu (LP) package included with Solaris, from Sun Microsystems. The versions of netpr on Solaris 2.6 and 7 are affected.

The problem

By specifying a long buffer containing machine executable code, it is possible to execute arbitrary commands as root. On Sparc, the exploits provided will spawn a root shell, whereas on x86 they will create a setuid root shell in /tmp.


As of this writing, patches are not available to the general public. Removal of the setuid bit on the /usr/lib/lp/bin/netpr program will eliminate this vulnerability. This may prevent some portions of the network printing subsystem from working.
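
The workaround above can be applied as an audited, repeatable step. The following is an added example, not part of the original advisory: it checks whether netpr still carries the setuid bit, records the original listing so the mode can be restored once a patch is installed, strips the bit and verifies the result. The function names, the `apply` argument and the record file path are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit and remove the setuid bit on netpr.
# The path comes from the advisory; override NETPR to check another copy.
NETPR="${NETPR:-/usr/lib/lp/bin/netpr}"
# Assumed location for the "before" record; pick a root-only directory.
RECORD="${RECORD:-/var/adm/netpr-mode.before}"

# has_setuid FILE -> 0 if the setuid bit is set, 1 if clear, 2 if FILE is missing
has_setuid() {
    [ -f "$1" ] || return 2
    [ -u "$1" ] && return 0
    return 1
}

# strip_setuid FILE [RECORDFILE]
# Saves the original "ls -l" line, removes the setuid bit, then re-checks.
# Returns 0 when the file ends up without setuid, 2 if missing, 3 on failure.
strip_setuid() {
    target=$1
    record=${2:-/dev/null}
    rc=0
    has_setuid "$target" || rc=$?
    case $rc in
        2) echo "missing: $target" >&2; return 2 ;;
        1) echo "ok: $target is not setuid"; return 0 ;;
    esac
    # Keep owner and mode on record so the bit can be restored after patching.
    ls -l "$target" >> "$record" || return 3
    chmod u-s "$target" || return 3
    if has_setuid "$target"; then
        echo "failed: $target is still setuid" >&2
        return 3
    fi
    echo "fixed: setuid bit removed from $target"
    return 0
}

# Run as root with the single argument "apply" to change the system binary.
if [ "${1:-}" = "apply" ]; then
    strip_setuid "$NETPR" "$RECORD"
fi
```

Running it a second time reports the file as already clean, so it is safe to schedule as a periodic check in case a package reinstall restores the setuid bit.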