Note: This is an archival copy of Security Sun Alert 200978 as previously published on
Latest version of this security advisory is available from as Sun Alert 1000736.1.
Article ID : 1000736.1
Article Type : Sun Alerts (SURE)
Last reviewed : 2005-08-08
Audience : PUBLIC
Copyright Notice: Copyright © 2010, Oracle Corporation and/or its affiliates.

Security Vulnerability in the "printd" Daemon


Release Phase

Solaris 9 Operating System
Solaris 10 Operating System
Solaris 7 Operating System
Solaris 8 Operating System

Bug Id

Date of Resolved Release


A local or remote unprivileged user may be able to remove any file on the system due to a security vulnerability in the "printd" daemon.

Sun acknowledges, with thanks, H.D. Moore of, for bringing this issue to our attention.

Contributing Factors

This issue can occur in the following releases:

SPARC Platform

  • Solaris 7 without patch 107115-19
  • Solaris 8 without patch 109320-16
  • Solaris 9 without patch 113329-15
  • Solaris 10 without patch 120467-01

x86 Platform

  • Solaris 7 without patch 107116-19
  • Solaris 8 without patch 109321-16
  • Solaris 9 without patch 114980-16
  • Solaris 10 without patch 120468-01

This issue only occurs on systems that have the printer package "SUNWpcu" installed. 


There are no reliable symptoms that would indicate the described issue has been exploited.


To work around the described issue, one of the following options can be applied:

Option 1:

Temporarily rename the following file used by the "printd" daemon:


Note: Renaming this file will cause systems configured to use the cascade spooler to fail to send print requests to the configured remote host.

Option 2:

Disable the BSD print protocol adaptor (in.lpd(1M)) by doing the following:

For pre-Solaris 10 systems:

1. Edit the "/etc/inetd.conf" file and comment out the following line by adding the "#" symbol to the beginning of the line as shown:

    #printer stream tcp6 nowait root /usr/lib/print/in.lpd in.lpd

2. Tell the inetd(1M) process to reread the newly modified "/etc/inetd.conf" file by sending it a hangup signal, SIGHUP:

    # /usr/bin/pkill -HUP inetd

For systems running Solaris 10 or above:

Execute the following command:

    # svcadm disable svc:/application/print/rfc1179



This issue is addressed in the following releases:

SPARC Platform

  • Solaris 7 with patch 107115-19 or later
  • Solaris 8 with patch 109320-16 or later
  • Solaris 9 with patch 113329-15 or later
  • Solaris 10 with patch 120467-01 or later

x86 Platform

  • Solaris 7 with patch 107116-19 or later
  • Solaris 8 with patch 109321-16 or later
  • Solaris 9 with patch 114980-16 or later
  • Solaris 10 with patch 120468-01 or later
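
As an added example (not part of Sun's advisory), the shell functions below compare `showrev -p` output against the minimum patch revisions listed above. The function names and the sample patch lines are constructed for illustration, and the mapping assumes `uname -r` reports 5.7 through 5.10 and `uname -p` reports sparc or i386.

```shell
#!/bin/sh
# Added example: minimum fixed patch revision per release/platform,
# copied from the advisory's lists. Function names are hypothetical.
# $1 = `uname -r` value (assumed 5.7..5.10), $2 = `uname -p` value (sparc|i386)
required_patch() {
    case "$1/$2" in
        5.7/sparc)  echo 107115-19 ;;
        5.8/sparc)  echo 109320-16 ;;
        5.9/sparc)  echo 113329-15 ;;
        5.10/sparc) echo 120467-01 ;;
        5.7/i386)   echo 107116-19 ;;
        5.8/i386)   echo 109321-16 ;;
        5.9/i386)   echo 114980-16 ;;
        5.10/i386)  echo 120468-01 ;;
        *) return 1 ;;   # release/platform not covered by the advisory
    esac
}

# Reads `showrev -p` style lines ("Patch: NNNNNN-RR ...") on stdin and
# prints PATCHED, UNPATCHED, or UNKNOWN for the given release/platform.
printd_patch_status() {
    need=$(required_patch "$1" "$2") || { echo UNKNOWN; return 0; }
    base=${need%-*}   # patch id, e.g. 109320
    min=${need#*-}    # minimum revision, e.g. 16
    status=UNPATCHED
    while read -r tag id rest; do
        [ "$tag" = "Patch:" ] || continue
        [ "${id%-*}" = "$base" ] || continue
        rev=${id#*-}
        case $rev in ''|*[!0-9]*) continue ;; esac   # skip malformed revisions
        # "or later": any revision >= the listed one carries the fix
        [ "$rev" -ge "$min" ] && status=PATCHED
    done
    echo "$status"
}

# Constructed sample input (not real system output): Solaris 8 SPARC
# with the print patch at revision 12, below the fixed revision 16.
sample='Patch: 109320-12 Obsoletes: Requires: Incompatibles: Packages: SUNWpcu
Patch: 108528-29 Obsoletes: Requires: Incompatibles: Packages: SUNWcsu'
printf '%s\n' "$sample" | printd_patch_status 5.8 sparc

# On a live system, only hosts with the SUNWpcu package are affected:
#   pkginfo -q SUNWpcu && showrev -p | printd_patch_status "$(uname -r)" "$(uname -p)"
```

An UNPATCHED result on a host with "SUNWpcu" installed means the patch or one of the workarounds above still needs to be applied.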


