ID CVE-2005-4797
Summary Directory traversal vulnerability in printd line printer daemon (lpd) in Solaris 7 through 10 allows remote attackers to delete arbitrary files via ".." sequences in an "Unlink data file" command.
References
Vulnerable Configurations
  • cpe:2.3:o:sun:solaris:7.0:-:x86
    cpe:2.3:o:sun:solaris:7.0:-:x86
  • cpe:2.3:o:sun:solaris:8.0:-:x86
    cpe:2.3:o:sun:solaris:8.0:-:x86
  • cpe:2.3:o:sun:solaris:9.0:-:sparc
    cpe:2.3:o:sun:solaris:9.0:-:sparc
  • cpe:2.3:o:sun:solaris:9.0:-:x86
    cpe:2.3:o:sun:solaris:9.0:-:x86
  • cpe:2.3:o:sun:solaris:9.0:x86_update_2
    cpe:2.3:o:sun:solaris:9.0:x86_update_2
  • cpe:2.3:o:sun:solaris:10.0:-:sparc
    cpe:2.3:o:sun:solaris:10.0:-:sparc
  • cpe:2.3:o:sun:solaris:10.0:-:x86
    cpe:2.3:o:sun:solaris:10.0:-:x86
  • Sun Microsystems Solaris 7
    cpe:2.3:o:sun:sunos:5.7
  • Sun SunOS (Solaris 8) 5.8
    cpe:2.3:o:sun:sunos:5.8
CVSS
Base: 5.0 (as of 08-05-2006 - 15:36)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
metasploit via4
description This module uses a vulnerability in the Solaris line printer daemon to delete arbitrary files on an affected system. This can be used to exploit the rpc.walld format string flaw, the missing krb5.conf authentication bypass, or simply delete system files. Tested on Solaris 2.6, 7, 8, 9, and 10.
id MSF:AUXILIARY/DOS/SOLARIS/LPD/CASCADE_DELETE
last seen 2019-01-25
modified 2017-07-24
published 2006-09-18
reliability Normal
reporter Rapid7
source https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/dos/solaris/lpd/cascade_delete.rb
title Solaris LPD Arbitrary File Delete
nessus via4
refmap via4
bid 14510
ciac P-280
misc http://downloads.securityfocus.com/vulnerabilities/exploits/solaris_lpd_unlink.pm
osvdb 18650
sectrack 1014635
secunia 16367
sunalert 101842
vupen ADV-2005-1342
xf solaris-printd-file-deletion(21773)
Last major update 07-03-2011 - 21:29
Published 31-12-2005 - 00:00
Last modified 30-10-2018 - 12:26
Back to Top