VULHUB ™

Vulnerability #1: Several files that are part of the LPPlus print management system are installed setuid root by default. These files include: $LPHOME/bin/dccsched $LPHOME/bin/dcclpdser $LPHOME/bin/dccbkst These start the scheduler, LPD server and network status daemons. $LPHOME/bin/dccshut $LPHOME/bin/dcclpdshut $LPHOME/bin/dccbkstshut These stop the same services. By default, all six may be run by a user of any privilege level, allowing any user to start and stop printing services, regardless of userid or group. Vulnerability #2: $LPHOME/system/lpdprocess is created mode 777. This file contains the process ID of the dcclpdser process. If a user replaces the PID in $LPHOME/system/lpdprocess with the PID of a target process, then runs $LPHOME/bin/dcclpdshut, the combination of this file's permissions, and the fact that dcclpdshut is executable by any user, allows any user to send signal 2 (SIGINT) to, thereby shutting down, any process.

Vulnerability #1: Several files that are part of the LPPlus print management system are installed setuid root by default. These files include: $LPHOME/bin/dccsched $LPHOME/bin/dcclpdser $LPHOME/bin/dccbkst These start the scheduler, LPD server and network status daemons. $LPHOME/bin/dccshut $LPHOME/bin/dcclpdshut $LPHOME/bin/dccbkstshut These stop the same services. By default, all six may be run by a user of any privilege level, allowing any user to start and stop printing services, regardless of userid or group. Vulnerability #2: $LPHOME/system/lpdprocess is created mode 777. This file contains the process ID of the dcclpdser process. If a user replaces the PID in $LPHOME/system/lpdprocess with the PID of a target process, then runs $LPHOME/bin/dcclpdshut, the combination of this file's permissions, and the fact that dcclpdshut is executable by any user, allows any user to send signal 2 (SIGINT) to, thereby shutting down, any process.