Note: This is an archival copy of Security Sun Alert 236884 as previously published on http://sunsolve.sun.com.
The latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1019199.1.
6599099, 6599100, 6599950
Date of Resolved Release
Security Vulnerabilities in Solaris Print Service
1. Impact
Security vulnerabilities in the Solaris print service may allow a remote unprivileged user to run arbitrary code as root or to cause a Denial of Service (DoS) condition.
2. Contributing Factors
These issues can occur in the following releases:
3. Symptoms
If the issue described in BugID 6599950 occurs, users may experience a DoS condition on the Solaris print system.
There are no predictable symptoms that would indicate the described issue has been exploited to execute arbitrary code.
4. Workaround
To work around the described issues, do the following:
For Solaris 8 and Solaris 9 Systems:
Disable the BSD print protocol adaptor (in.lpd(1M)) by doing the following:
1. Edit the "/etc/inetd.conf" file and comment out the following line by adding the "#" symbol to the beginning of the line as shown:
#printer stream tcp6 nowait root /usr/lib/print/in.lpd in.lpd
2. Tell the inetd(1M) process to reread the newly modified "/etc/inetd.conf" file by sending it a hangup signal, SIGHUP:
# /usr/bin/pkill -HUP inetd
For Solaris 10 Systems:
Disable the main print services by executing the following commands:
# svcadm disable svc:/application/print/rfc1179
# svcadm disable svc:/application/print/ipp-listener
# svcadm disable svc:/application/print/server
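The Solaris 8 and Solaris 9 step above, as an added shell example that is not part of the Sun Alert: it checks an inetd.conf file for an active in.lpd entry, comments it out while keeping a backup, and confirms that no active entry remains. The function names, the backup suffix and the sample file contents are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the Sun Alert): audit and apply the Solaris 8/9
# workaround against an inetd.conf file. Function names and the backup
# suffix are hypothetical.

# Print active (uncommented) entries for the "printer" service run by in.lpd.
# A commented line has "#printer" or "#" as field 1, so it never matches.
active_lpd_entries() {
    awk '$1 == "printer" && $6 ~ /in\.lpd$/' "$1"
}

# Succeeds (0) when no active in.lpd entry remains in the file.
lpd_disabled() {
    [ -z "$(active_lpd_entries "$1")" ]
}

# Comment out active entries in place, keeping a backup. Idempotent.
disable_lpd() {
    conf=$1
    lpd_disabled "$conf" && return 0
    cp -p "$conf" "$conf.pre-236884" || return 1
    awk '$1 == "printer" && $6 ~ /in\.lpd$/ { print "#" $0; next } { print }' \
        "$conf.pre-236884" > "$conf"
}

# Write a constructed sample inetd.conf for trying the functions offline.
make_sample_conf() {
    cat > "$1" <<'EOF'
# constructed sample, not a real system file
telnet stream tcp6 nowait root /usr/sbin/in.telnetd in.telnetd
printer stream tcp6 nowait root /usr/lib/print/in.lpd in.lpd
EOF
}

# Usage: sh script.sh /path/to/inetd.conf
if [ -n "${1:-}" ]; then
    disable_lpd "$1" && lpd_disabled "$1" &&
        echo "in.lpd entry disabled in $1; send inetd a SIGHUP to apply"
fi
```

After the file is changed, inetd must still be sent SIGHUP as in step 2 before the listener stops. On Solaris 10, the state of the three disabled services can be confirmed with svcs(1).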
5. Resolution
These issues are addressed in the following releases:
Copyright 2000-2008 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, CA 95054 U.S.A. All rights reserved.
27-May-2008: Updated Solaris 10 patch numbers
Solaris 8 Operating System
Solaris 9 Operating System
Solaris 10 Operating System