CVE-2005-4797
published 2005-12-31CVE-2005-4797: Directory traversal vulnerability in printd line printer daemon (lpd) in Solaris 7 through 10 allows remote attackers to delete arbitrary files via ".."…
PriorityP340medium5CVSS 2.0
AVNACLAuNCNIPAN
EXPLOIT
EPSS
29.18%
97.9th percentile
Directory traversal vulnerability in printd line printer daemon (lpd) in Solaris 7 through 10 allows remote attackers to delete arbitrary files via ".." sequences in an "Unlink data file" command.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sun | solaris | — | — |
| sun | solaris | — | — |
| sun | solaris | — | — |
| sun | solaris | — | — |
| sun | sunos | — | — |
| sun | sunos | — | — |
Detection & IOCsextracted from sources · hover to see the quote
urlhttps://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/dos/solaris/lpd/cascade_delete.rb↗
- →Detect LPD protocol requests containing ".." (directory traversal) sequences in the Unlink data file command (LPD control command byte 0x05) ↗
- →Monitor LPD daemon (printd/lpd) on Solaris 7–10 for anomalous file deletion activity, particularly targeting system files or krb5.conf ↗
- →Inspect inbound LPD (TCP port 515) traffic for path traversal patterns ("../") in job control file data targeting the Unlink/remove job subcommand ↗
- ·Vulnerability affects Solaris versions 2.6, 7, 8, 9, and 10 — scope detection/patching efforts accordingly ↗
- ·Exploitation can be chained with secondary vulnerabilities (rpc.walld format string, krb5.conf auth bypass) — file deletion alone may be a precursor to privilege escalation ↗
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No writeups or analysis indexed.
http://downloads.securityfocus.com/vulnerabilities/exploits/solaris_lpd_unlink.pmhttp://secunia.com/advisories/16367http://securitytracker.com/id?1014635http://sunsolve.sun.com/search/document.do?assetkey=1-26-101842-1http://www.ciac.org/ciac/bulletins/p-280.shtmlhttp://www.osvdb.org/18650http://www.securityfocus.com/bid/14510http://www.vupen.com/english/advisories/2005/1342https://exchange.xforce.ibmcloud.com/vulnerabilities/21773http://downloads.securityfocus.com/vulnerabilities/exploits/solaris_lpd_unlink.pmhttp://secunia.com/advisories/16367http://securitytracker.com/id?1014635http://sunsolve.sun.com/search/document.do?assetkey=1-26-101842-1http://www.ciac.org/ciac/bulletins/p-280.shtmlhttp://www.osvdb.org/18650http://www.securityfocus.com/bid/14510http://www.vupen.com/english/advisories/2005/1342https://exchange.xforce.ibmcloud.com/vulnerabilities/21773
2005-12-31
Published