Intrusion Prevention

SUN.Solaris.LPD.Command.Execution

Description

This indicates a possible attempt to exploit a remote command execution vulnerability in the Sun Solaris lpd daemon. The lpd daemon can be exploited by causing it to send specially crafted options to mail or sendmail. A remote attacker may be able to execute arbitrary commands on the target host with superuser privileges.

Affected Products

Sun Solaris 8.0 and earlier.

Impact

System compromise, arbitrary command execution.

Recommended Actions

See the following Sun documnt for patch information:
Security Vulnerability with the in.lpd(1M) Daemon Allowing Options to be Passed to Sendmail, Document ID: 41664 Apr 16, 2002
http://sunsolve.sun.com/search/document.do?assetkey=1-26-41664-1