Vulnerabilities > CVE-2005-4797 - Unspecified vulnerability in SUN Solaris and Sunos
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
Directory traversal vulnerability in printd line printer daemon (lpd) in Solaris 7 through 10 allows remote attackers to delete arbitrary files via ".." sequences in an "Unlink data file" command.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| OS | 9 |
Metasploit
| description | This module uses a vulnerability in the Solaris line printer daemon to delete arbitrary files on an affected system. This can be used to exploit the rpc.walld format string flaw, the missing krb5.conf authentication bypass, or simply delete system files. Tested on Solaris 2.6, 7, 8, 9, and 10. |
| id | MSF:AUXILIARY/DOS/SOLARIS/LPD/CASCADE_DELETE |
| last seen | 2019-12-07 |
| modified | 2017-07-24 |
| published | 2006-09-18 |
| references | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4797 |
| reporter | Rapid7 |
| source | https://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/dos/solaris/lpd/cascade_delete.rb |
| title | Solaris LPD Arbitrary File Delete |
Nessus
NASL family Solaris Local Security Checks NASL id SOLARIS7_X86_107116.NASL description SunOS 5.7_x86: lp Patch. Date this patch was last updated by Sun : Mar/22/06 last seen 2016-09-26 modified 2011-09-18 plugin id 13205 published 2004-07-12 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=13205 title Solaris 7 (x86) : 107116-20 code #%NASL_MIN_LEVEL 999999 # @DEPRECATED@ # # This script has been deprecated as the associated patch is not # currently a recommended security fix. # # Disabled on 2011/09/17. # # (C) Tenable Network Security, Inc. # # if ( ! defined_func("bn_random") ) exit(0); include("compat.inc"); if(description) { script_id(13205); script_version("1.27"); script_name(english: "Solaris 7 (x86) : 107116-20"); script_cve_id("CVE-2000-0316", "CVE-2005-2032", "CVE-2005-4797"); script_set_attribute(attribute: "synopsis", value: "The remote host is missing Sun Security Patch number 107116-20"); script_set_attribute(attribute: "description", value: 'SunOS 5.7_x86: lp Patch. Date this patch was last updated by Sun : Mar/22/06'); script_set_attribute(attribute: "solution", value: "You should install this patch for your system to be up-to-date."); script_set_attribute(attribute: "see_also", value: "https://getupdates.oracle.com/readme/107116-20"); script_set_attribute(attribute: "cvss_vector", value: "CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_publication_date", value: "2004/07/12"); script_cvs_date("Date: 2018/08/13 14:32:38"); script_set_attribute(attribute:"vuln_publication_date", value: "2000/04/24"); script_end_attributes(); script_summary(english: "Check for patch 107116-20"); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc."); family["english"] = "Solaris Local Security Checks"; script_family(english:family["english"]); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/Solaris/showrev"); exit(0); } # Deprecated. exit(0, "The associated patch is not currently a recommended security fix."); include("solaris.inc"); e += solaris_check_patch(release:"5.7_x86", arch:"i386", patch:"107116-20", obsoleted_by:"", package:"SUNWpcu", version:"13.1,REV=1998.09.01.04.53"); e += solaris_check_patch(release:"5.7_x86", arch:"i386", patch:"107116-20", obsoleted_by:"", package:"SUNWpsf", version:"13.1,REV=1998.09.01.04.53"); e += solaris_check_patch(release:"5.7_x86", arch:"i386", patch:"107116-20", obsoleted_by:"", package:"SUNWpsu", version:"13.1,REV=1998.09.01.04.53"); e += solaris_check_patch(release:"5.7_x86", arch:"i386", patch:"107116-20", obsoleted_by:"", package:"SUNWscplp", version:"13.1,REV=1998.09.01.04.53"); if ( e < 0 ) { if ( NASL_LEVEL < 3000 ) security_hole(0); else security_hole(port:0, extra:solaris_get_report()); exit(0); } exit(0, "Host is not affected");NASL family Solaris Local Security Checks NASL id SOLARIS7_107115.NASL description SunOS 5.7: lp Patch. Date this patch was last updated by Sun : Mar/22/06 last seen 2016-09-26 modified 2011-09-18 plugin id 13100 published 2004-07-12 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=13100 title Solaris 7 (sparc) : 107115-20 code #%NASL_MIN_LEVEL 999999 # @DEPRECATED@ # # This script has been deprecated as the associated patch is not # currently a recommended security fix. # # Disabled on 2011/09/17. # # (C) Tenable Network Security, Inc. # # if ( ! defined_func("bn_random") ) exit(0); include("compat.inc"); if(description) { script_id(13100); script_version("1.28"); script_name(english: "Solaris 7 (sparc) : 107115-20"); script_cve_id("CVE-2005-2032", "CVE-2005-4797"); script_set_attribute(attribute: "synopsis", value: "The remote host is missing Sun Security Patch number 107115-20"); script_set_attribute(attribute: "description", value: 'SunOS 5.7: lp Patch. Date this patch was last updated by Sun : Mar/22/06'); script_set_attribute(attribute: "solution", value: "You should install this patch for your system to be up-to-date."); script_set_attribute(attribute: "see_also", value: "https://getupdates.oracle.com/readme/107115-20"); script_set_attribute(attribute: "cvss_vector", value: "CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N"); script_set_attribute(attribute:"plugin_publication_date", value: "2004/07/12"); script_cvs_date("Date: 2018/08/13 14:32:38"); script_set_attribute(attribute:"vuln_publication_date", value: "2005/06/15"); script_end_attributes(); script_summary(english: "Check for patch 107115-20"); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc."); family["english"] = "Solaris Local Security Checks"; script_family(english:family["english"]); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/Solaris/showrev"); exit(0); } # Deprecated. exit(0, "The associated patch is not currently a recommended security fix."); include("solaris.inc"); e += solaris_check_patch(release:"5.7", arch:"sparc", patch:"107115-20", obsoleted_by:"", package:"SUNWpcu", version:"13.1,REV=1998.09.01.04.16"); e += solaris_check_patch(release:"5.7", arch:"sparc", patch:"107115-20", obsoleted_by:"", package:"SUNWpsf", version:"13.1,REV=1998.09.01.04.16"); e += solaris_check_patch(release:"5.7", arch:"sparc", patch:"107115-20", obsoleted_by:"", package:"SUNWpsu", version:"13.1,REV=1998.09.01.04.16"); e += solaris_check_patch(release:"5.7", arch:"sparc", patch:"107115-20", obsoleted_by:"", package:"SUNWscplp", version:"13.1,REV=1998.09.01.04.16"); if ( e < 0 ) { if ( NASL_LEVEL < 3000 ) security_warning(0); else security_warning(port:0, extra:solaris_get_report()); exit(0); } exit(0, "Host is not affected");NASL family Solaris Local Security Checks NASL id SOLARIS9_113329.NASL description SunOS 5.9: lp Patch. Date this patch was last updated by Sun : Dec/03/10 last seen 2016-09-26 modified 2011-09-18 plugin id 13537 published 2004-07-12 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=13537 title Solaris 9 (sparc) : 113329-30 code #%NASL_MIN_LEVEL 999999 # @DEPRECATED@ # # This script has been deprecated as the associated patch is not # currently a recommended security fix. # # Disabled on 2011/09/17. # # (C) Tenable Network Security, Inc. # # if ( ! defined_func("bn_random") ) exit(0); include("compat.inc"); if(description) { script_id(13537); script_version("1.46"); script_name(english: "Solaris 9 (sparc) : 113329-30"); script_cve_id("CVE-2005-4797"); script_set_attribute(attribute: "synopsis", value: "The remote host is missing Sun Security Patch number 113329-30"); script_set_attribute(attribute: "description", value: 'SunOS 5.9: lp Patch. Date this patch was last updated by Sun : Dec/03/10'); script_set_attribute(attribute: "solution", value: "You should install this patch for your system to be up-to-date."); script_set_attribute(attribute: "see_also", value: "https://getupdates.oracle.com/readme/113329-30"); script_set_attribute(attribute: "cvss_vector", value: "CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N"); script_set_attribute(attribute:"plugin_publication_date", value: "2004/07/12"); script_cvs_date("Date: 2018/08/13 14:32:38"); script_set_attribute(attribute:"vuln_publication_date", value: "2005/08/09"); script_end_attributes(); script_summary(english: "Check for patch 113329-30"); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc."); family["english"] = "Solaris Local Security Checks"; script_family(english:family["english"]); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/Solaris/showrev"); exit(0); } # Deprecated. exit(0, "The associated patch is not currently a recommended security fix."); include("solaris.inc"); e += solaris_check_patch(release:"5.9", arch:"sparc", patch:"113329-30", obsoleted_by:"112920-03 ", package:"SUNWcsr", version:"11.9.0,REV=2002.04.06.15.27"); e += solaris_check_patch(release:"5.9", arch:"sparc", patch:"113329-30", obsoleted_by:"112920-03 ", package:"SUNWpcu", version:"13.1,REV=2002.04.06.15.27"); e += solaris_check_patch(release:"5.9", arch:"sparc", patch:"113329-30", obsoleted_by:"112920-03 ", package:"SUNWppm", version:"11.9.0,REV=2002.04.06.15.27"); e += solaris_check_patch(release:"5.9", arch:"sparc", patch:"113329-30", obsoleted_by:"112920-03 ", package:"SUNWpsf", version:"13.1,REV=2002.04.06.15.27"); e += solaris_check_patch(release:"5.9", arch:"sparc", patch:"113329-30", obsoleted_by:"112920-03 ", package:"SUNWpsr", version:"13.1,REV=2002.04.06.15.27"); e += solaris_check_patch(release:"5.9", arch:"sparc", patch:"113329-30", obsoleted_by:"112920-03 ", package:"SUNWpsu", version:"13.1,REV=2002.04.06.15.27"); e += solaris_check_patch(release:"5.9", arch:"sparc", patch:"113329-30", obsoleted_by:"112920-03 ", package:"SUNWscplp", version:"13.1,REV=2002.04.06.15.27"); if ( e < 0 ) { if ( NASL_LEVEL < 3000 ) security_warning(0); else security_warning(port:0, extra:solaris_get_report()); exit(0); } exit(0, "Host is not affected");NASL family Solaris Local Security Checks NASL id SOLARIS9_X86_114980.NASL description SunOS 5.9_x86: lp Patch. Date this patch was last updated by Sun : Nov/30/10 last seen 2016-09-26 modified 2015-01-15 plugin id 13619 published 2004-07-12 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=13619 title Solaris 9 (x86) : 114980-31 code #%NASL_MIN_LEVEL 999999 # @DEPRECATED@ # # This script has been deprecated as the associated patch is not # currently a recommended security fix. # # Disabled on 2011/09/17. # # (C) Tenable Network Security, Inc. # # if ( ! defined_func("bn_random") ) exit(0); include("compat.inc"); if(description) { script_id(13619); script_version("1.46"); script_name(english: "Solaris 9 (x86) : 114980-31"); script_cve_id("CVE-2005-2032", "CVE-2005-4797", "CVE-2009-2972"); script_set_attribute(attribute: "synopsis", value: "The remote host is missing Sun Security Patch number 114980-31"); script_set_attribute(attribute: "description", value: 'SunOS 5.9_x86: lp Patch. Date this patch was last updated by Sun : Nov/30/10'); script_set_attribute(attribute: "solution", value: "You should install this patch for your system to be up-to-date."); script_set_attribute(attribute: "see_also", value: "https://getupdates.oracle.com/readme/114980-31"); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C"); script_cwe_id(399); script_set_attribute(attribute:"plugin_publication_date", value: "2004/07/12"); script_cvs_date("Date: 2018/08/13 14:32:38"); script_set_attribute(attribute:"vuln_publication_date", value: "2005/06/15"); script_end_attributes(); script_summary(english: "Check for patch 114980-31"); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc."); family["english"] = "Solaris Local Security Checks"; script_family(english:family["english"]); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/Solaris/showrev"); exit(0); } # Deprecated. exit(0, "The associated patch is not currently a recommended security fix."); include("solaris.inc"); e += solaris_check_patch(release:"5.9_x86", arch:"i386", patch:"114980-31", obsoleted_by:"114423-09 ", package:"SUNWcsr", version:"11.9.0,REV=2002.11.04.02.51"); e += solaris_check_patch(release:"5.9_x86", arch:"i386", patch:"114980-31", obsoleted_by:"114423-09 ", package:"SUNWpcu", version:"13.1,REV=2002.11.04.02.51"); e += solaris_check_patch(release:"5.9_x86", arch:"i386", patch:"114980-31", obsoleted_by:"114423-09 ", package:"SUNWppm", version:"11.9.0,REV=2002.11.04.02.51"); e += solaris_check_patch(release:"5.9_x86", arch:"i386", patch:"114980-31", obsoleted_by:"114423-09 ", package:"SUNWpsf", version:"13.1,REV=2002.11.04.02.51"); e += solaris_check_patch(release:"5.9_x86", arch:"i386", patch:"114980-31", obsoleted_by:"114423-09 ", package:"SUNWpsr", version:"13.1,REV=2002.11.04.02.51"); e += solaris_check_patch(release:"5.9_x86", arch:"i386", patch:"114980-31", obsoleted_by:"114423-09 ", package:"SUNWpsu", version:"13.1,REV=2002.11.04.02.51"); e += solaris_check_patch(release:"5.9_x86", arch:"i386", patch:"114980-31", obsoleted_by:"114423-09 ", package:"SUNWscplp", version:"13.1,REV=2002.11.04.02.51"); if ( e < 0 ) { if ( NASL_LEVEL < 3000 ) security_hole(0); else security_hole(port:0, extra:solaris_get_report()); exit(0); } exit(0, "Host is not affected");NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_120468.NASL description SunOS 5.10_x86: lp patch. Date this patch was last updated by Sun : Sep/08/06 last seen 2018-09-01 modified 2018-08-13 plugin id 19454 published 2005-08-18 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=19454 title Solaris 10 (x86) : 120468-05 code #%NASL_MIN_LEVEL 80502 # @DEPRECATED@ # # This script has been deprecated as the associated patch is not # currently a recommended security fix. # # Disabled on 2011/09/17. # # (C) Tenable Network Security, Inc. # # if ( ! defined_func("bn_random") ) exit(0); include("compat.inc"); if(description) { script_id(19454); script_version("1.31"); script_name(english: "Solaris 10 (x86) : 120468-05"); script_cve_id("CVE-2005-4797"); script_set_attribute(attribute: "synopsis", value: "The remote host is missing Sun Security Patch number 120468-05"); script_set_attribute(attribute: "description", value: 'SunOS 5.10_x86: lp patch. Date this patch was last updated by Sun : Sep/08/06'); script_set_attribute(attribute: "solution", value: "You should install this patch for your system to be up-to-date."); script_set_attribute(attribute: "see_also", value: "https://getupdates.oracle.com/readme/120468-05"); script_set_attribute(attribute: "cvss_vector", value: "CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N"); script_set_attribute(attribute:"plugin_publication_date", value: "2005/08/18"); script_cvs_date("Date: 2019/10/25 13:36:22"); script_set_attribute(attribute:"vuln_publication_date", value: "2005/08/09"); script_end_attributes(); script_summary(english: "Check for patch 120468-05"); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc."); family["english"] = "Solaris Local Security Checks"; script_family(english:family["english"]); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/Solaris/showrev"); exit(0); } # Deprecated. exit(0, "The associated patch is not currently a recommended security fix.");NASL family Solaris Local Security Checks NASL id SOLARIS8_109320.NASL description SunOS 5.8: lp patch. Date this patch was last updated by Sun : Nov/07/08 last seen 2020-06-01 modified 2020-06-02 plugin id 13319 published 2004-07-12 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/13319 title Solaris 8 (sparc) : 109320-22 NASL family Solaris Local Security Checks NASL id SOLARIS10_120467.NASL description SunOS 5.10: lp patch. Date this patch was last updated by Sun : Sep/08/06 last seen 2018-09-02 modified 2018-08-13 plugin id 19449 published 2005-08-18 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=19449 title Solaris 10 (sparc) : 120467-05 NASL family Solaris Local Security Checks NASL id SOLARIS8_X86_109321.NASL description SunOS 5.8_x86: lp patch. Date this patch was last updated by Sun : Nov/07/08 last seen 2020-06-01 modified 2020-06-02 plugin id 13427 published 2004-07-12 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/13427 title Solaris 8 (x86) : 109321-22
References
- http://downloads.securityfocus.com/vulnerabilities/exploits/solaris_lpd_unlink.pm
- http://secunia.com/advisories/16367
- http://securitytracker.com/id?1014635
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-101842-1
- http://www.ciac.org/ciac/bulletins/p-280.shtml
- http://www.osvdb.org/18650
- http://www.securityfocus.com/bid/14510
- http://www.vupen.com/english/advisories/2005/1342
- https://exchange.xforce.ibmcloud.com/vulnerabilities/21773