ISS Protection Brief: Sun Solaris printd arbitrary file deletion

From: X-Force (xforce_at_iss.net)
Date: 08/23/05

  • Next message: Palmer, Paul (ISSAtlanta): "RE: IPS technology question."
    Date: Mon, 22 Aug 2005 18:12:31 -0400 (EDT)
    To: alert@iss.net
    
    

    -----BEGIN PGP SIGNED MESSAGE-----

    Internet Security Systems Protection Alert
    22 August 2005

    Sun Solaris printd arbitrary file deletion

    Summary:
    ISS X-Force is tracking a vulnerability within the Sun Solaris printd daemon
    and a corresponding exploit that is now publicly available. Sun Solaris
    versions 7, 8, 9, and 10 could allow a local or remote attacker to delete
    arbitrary files on a system caused by a vulnerability in the printd daemon. The
    print daemon is installed by default and usually with root privileges. A remote
    or local attacker could exploit this vulnerability and delete arbitrary files,
    including system files.

    Business Impact:
    The Sun Solaris printd daemon is the default printing service for the Solaris
    operating system and can typically be found on all systems following a standard
    installation. By successfully exploiting this vulnerability an attacker
    is able to delete arbitrary files on a vulnerable system. In doing so, an
    attacker may cause the system to fail dramatically and lead to a loss of service.
    With selective deletion of files, it may be possible for an attacker to leverage
    the missing files to exploit other, older vulnerabilities, which would
    provide interactive access to the vulnerable system. The vulnerable printd service
    is typically installed with root permissions; thereby allowing the attacker to
    delete any system file accessible to that account.

    ______

    Internet Security Systems, Inc. (ISS) is the trusted expert to global
    enterprises and world governments, providing products and services
    that protect against Internet threats. An established world leader
    in security since 1994, ISS delivers proven cost efficiencies and
    reduces regulatory and business risk across the enterprise for
    more than 11,000 customers worldwide. ISS products and services
    are based on the proactive security intelligence conducted by ISS.
    X-ForceŽ research and development team . the unequivocal world
    authority in vulnerability and threat research. Headquartered
    in Atlanta, Internet Security Systems has additional operations
    throughout the Americas, Asia, Australia, Europe and the Middle East.

    Copyright (c) 2005 Internet Security Systems, Inc. All rights reserved
    worldwide.

    This document is not to be edited or altered in any way without the
    express written consent of Internet Security Systems, Inc. If you wish
    to reprint the whole or any part of this document, please email
    xforceiss.net for permission. You may provide links to this document
    from your web site, and you may make copies of this document in
    accordance with the fair use doctrine of the U.S. copyright laws.

    Disclaimer: The information within this paper may change without notice.
    Use of this information constitutes acceptance for use in an AS IS
    condition. There are NO warranties, implied or otherwise, with regard
    to this information or its use. Any use of this information is at
    the user's risk. In no event shall the author/distributor (Internet
    Security Systems X-Force) be held liable for any damages whatsoever
    arising out of or in connection with the use or spread of this
    information.

    X-Force PGP Key available on MIT's PGP key server and PGP.com's key
    server, as well as at http://www.iss.net/security_center/sensitive.php
    Please send suggestions, updates, and comments to:
    xforceiss.net of Internet Security Systems, Inc.

    -----BEGIN PGP SIGNATURE-----
    Version: 2.6.2

    iQCVAwUBQwpNtzRfJiV99eG9AQG7IwQAo0WRfhpF63utE+VbUiC4rJQHz8ZBLrcp
    WHtr/Z+735RlkoNQysnu6nZfThbSVaoQRVfbTORATZPHpURHr4v2DlKWIDP2vP6C
    cegYK9W/6uK2OhnilpCshhGh+Nt9NkCLJz9xCBkch89I5OLXndlu9G76JiS1V3KM
    m4XLIONs5oc=
    =C816
    -----END PGP SIGNATURE-----


  • Next message: Palmer, Paul (ISSAtlanta): "RE: IPS technology question."