The Solaris 7 lp is a utility used to manage print queues. A buffer overflow vulnerability in this utility allows local users to gain root privileges by sending a specially crafted -d option.
The Solaris 7 lp is a utility used to manage print queues. A buffer overflow vulnerability in this utility allows local users to gain root privileges by sending a specially crafted -d option.
This is Solaris 7, specifically the lp utility. Version info not stated in advisory. Check with your system administrator if you're running an older version of Solaris or have a similar utility installed.
Immediate mitigations:
- Restrict access to the lp utility (e.g., chown lp:lp lp /dev/lp0)
- Monitor for suspicious print queue activity
To fix, download and install a patched version from archives.neohapsis.com. No public patch link is available in the advisory.