Linux lpd vulnerability

Impact

A remote user could execute arbitrary code on a properly configured print server.

Background

Printing is controlled by lpd, a UNIX daemon that accepts print requests from local and remote users.

The Problem

The Quadruple Inverted Backflip vulnerability could allow any remote user to gain access to the system with the privileges of user bin. With this access, it is often trivial to gain root access. This vulnerability affects lpd on Red Hat Linux 4.x, 5.x, and 6.x.

Resolution

If the print service is not needed, disable lpd. Otherwise, the vulnerability can be fixed by applying the appropriate patch. See the L0pht Security Advisory for patch information.

Where can I read more about this?

Details on this vulnerability can be found in the L0pht Security Advisory.