Linux lpd vulnerability
Impact
A remote user could execute arbitrary code on a properly configured
print server.
Background
The print process is controlled by a process called lpd.
The lpd process is a UNIX daemon that accepts print
requests from local and remote users.
The Problem
The Quadruple Inverted Backflip vulnerability could allow
any remote user to gain access to the system with the privileges
of user bin. With this access, it is often trivial to gain
root access. This vulnerability affects lpd on
RedHat Linux 4.x, 5.x, and 6.x.
Resolution
If print service is not needed, disable lpd.
Otherwise, the vulnerability can be fixed by applying the appropriate
patch. See the
L0pht Security Advisory for patch information.
Where can I read more about this?
Details on this vulnerability can be found in the
L0pht Security Advisory.