PT-2005-5460 · Oracle · Solaris

Published

2005-12-31

Updated

2018-10-30

CVE-2005-4797

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Solaris versions 7 through 10

Description A directory traversal issue exists in the printd line printer daemon (lpd) that allows remote attackers to delete arbitrary files by using ".." sequences in an "Unlink data file" command.

Recommendations For Solaris versions 7 through 10, consider restricting access to the lpd service until a patch is available. As a temporary workaround, avoid using the "Unlink data file" command with untrusted input to minimize the risk of exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2005-4797

Affected Products

Solaris

PT-2005-5460 · Oracle · Solaris

CVE-2005-4797

Related Identifiers

Affected Products

References · 11