Multiple Vendor lpd Vulnerabilities

Vulnerability ID 1105685 Vulnerability type Access validation error
Published 2000-01-11 Updated 2009-02-28
CVE ID CVE-2000-1221 CNNVD-ID CNNVD-200001-026
Affected platform Unix CVSS score 10.0
|Vulnerability source
https://www.exploit-db.com/exploits/19722
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200001-026
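|Vulnerability details
The line printer daemon (lpd) in the lpr package of multiple Linux operating systems authenticates by comparing the reverse-resolved hostname of the local machine with the hostname of the print server returned by gethostname. A remote attacker can bypass the intended access controls by modifying the DNS for the attacking IP.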
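
The check described above trusts a name taken from a PTR record, and that record is controlled by whoever owns the reverse zone for the connecting address. The following is an added example, not code from lpd or from the referenced advisories: it contrasts that check with a forward-confirmed reverse DNS check over constructed DNS tables. The addresses, the allow list and all function names are assumptions made for illustration.

```python
# Constructed DNS data (not real records). 192.0.2.66 is an outside host whose
# PTR record is set by its own zone owner to the print server's name.
PTR = {
    "10.0.0.5": "printsrv.example.com",    # the print server itself
    "10.0.0.9": "ws1.example.com",         # a legitimate client
    "192.0.2.66": "printsrv.example.com",  # PTR chosen by the remote zone owner
}
A = {
    "printsrv.example.com": ["10.0.0.5"],
    "ws1.example.com": ["10.0.0.9"],
}
LOCAL_HOSTNAME = "printsrv.example.com"    # stands in for gethostname()
ALLOWED_HOSTS = {"ws1.example.com"}        # hypothetical allow list (assumption)


def reverse_lookup(ip):
    """Return the normalized PTR name for ip, or None if there is no record."""
    name = PTR.get(ip)
    return name.lower().rstrip(".") if name else None


def forward_lookup(name):
    """Return the addresses the name resolves to (empty list if none)."""
    return A.get(name, [])


def name_is_trusted(name):
    return name == LOCAL_HOSTNAME or name in ALLOWED_HOSTS


def weak_check(peer_ip):
    """Behaviour described on this page: the PTR name alone decides access."""
    name = reverse_lookup(peer_ip)
    return name is not None and name_is_trusted(name)


def hardened_check(peer_ip):
    """Forward-confirmed reverse DNS: the PTR name must resolve back to the
    peer address before the name is compared against anything."""
    name = reverse_lookup(peer_ip)
    if name is None or peer_ip not in forward_lookup(name):
        return False
    return name_is_trusted(name)
```

Forward confirmation only removes the dependency on the remote party's reverse zone; it still relies on the integrity of the forward zone for the trusted names.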
|Vulnerability exploit (EXP)
source: http://www.securityfocus.com/bid/927/info

Multiple vulnerabilities have been discovered in lpd, shipped with various Linux and Unix distributions.

It has been reported that lpd fails to properly authenticate hostnames. This could allow an unauthenticated user to gain access to lpd services by supplying a spoofed hostname.

It is also possible for a local user to pass arguments to sendmail, through the vulnerable print daemon. This could allow an unauthorized user to execute commands with elevated privileges.

By exploiting multiple vulnerabilities in lpd, it may be possible for a remote attacker to gain root privileges on a target server.

https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/19722.tgz
|References

Source: US-CERT Vulnerability Note: VU#30308
Name: VU#30308
Link: http://www.kb.cert.org/vuls/id/30308
Source: DEBIAN
Name: 20000109 lpr -- access control problem and root exploit
Link: http://www.debian.org/security/2000/20000109
Source: L0PHT
Name: 20000108 Quadruple Inverted Backflip
Link: http://www.atstake.com/research/advisories/2000/lpd_advisory.txt
Source: SGI
Name: 20021104-01-P
Link: ftp://patches.sgi.com/support/free/security/advisories/20021104-01-P
Source: XF
Name: redhat-lpd-auth(3840)
Link: http://xforce.iss.net/xforce/xfdb/3840
Source: BID
Name: 927
Link: http://www.securityfocus.com/bid/0927
Source: REDHAT
Name: RHSA-2000:002
Link: http://rhn.redhat.com/errata/RHSA-2000-002.html