Lucene search

K
canvasImmunity CanvasSOL_PRINTER_CONF
HistoryMay 12, 2008 - 7:20 p.m.

Immunity Canvas: SOL_PRINTER_CONF

2008-05-1219:20:00
Immunity Canvas
exploitlist.immunityinc.com
24

EPSS

0.1

Percentile

94.9%

Name sol_printer_conf
CVE CVE-2008-2144 Exploit Pack
VENDOR: Sun
Advisory: http://sunsolve.sun.com/search/document.do?assetkey=1-66-236884-1
Notes:

This exploit gets remote root on Solaris servers given a working printer
name.

Resolved by:
SPARC Platform

  • Solaris 8 with patch 109320-20 or later
  • Solaris 9 with patch 113329-19 or later
  • Solaris 10 with patch 126672-02 or later

x86 Platform

  • Solaris 8 with patch 109321-20 or later
  • Solaris 9 with patch 114980-20 or later
  • Solaris 10 with patch 126673-02 or later

Guessing the wrong printer gives a log message in /var/adm/messages
Jun 4 12:00:56 unknown bsd-gw[1979]: [ID 937800 lpr.error] request to printer (unknown printer) from ::ffff:192.168.172.1

Locally:
cat /var/spool/lp/system/pstatus

Will print out a list of printers. huhu2 is the printer name below:

+==========
huhu2
enabled accepting
1210965172 1210965198
new printer
new destination

Date public: 5/9/2008
CVE Url: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2144
CVSS: 10.0

EPSS

0.1

Percentile

94.9%

Related for SOL_PRINTER_CONF