cbcvebase.
CVE-2005-4797
published 2005-12-31

CVE-2005-4797: Directory traversal vulnerability in printd line printer daemon (lpd) in Solaris 7 through 10 allows remote attackers to delete arbitrary files via ".."…

PriorityP340medium5CVSS 2.0
AVNACLAuNCNIPAN
EXPLOIT
EPSS
29.18%
97.9th percentile
Directory traversal vulnerability in printd line printer daemon (lpd) in Solaris 7 through 10 allows remote attackers to delete arbitrary files via ".." sequences in an "Unlink data file" command.

Affected

6 ranges
VendorProductVersion rangeFixed in
sunsolaris
sunsolaris
sunsolaris
sunsolaris
sunsunos
sunsunos

Detection & IOCsextracted from sources · hover to see the quote

urlhttps://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/dos/solaris/lpd/cascade_delete.rb
commandUnlink data file
  • Detect LPD protocol requests containing ".." (directory traversal) sequences in the Unlink data file command (LPD control command byte 0x05)
  • Monitor LPD daemon (printd/lpd) on Solaris 7–10 for anomalous file deletion activity, particularly targeting system files or krb5.conf
  • Inspect inbound LPD (TCP port 515) traffic for path traversal patterns ("../") in job control file data targeting the Unlink/remove job subcommand
  • ·Vulnerability affects Solaris versions 2.6, 7, 8, 9, and 10 — scope detection/patching efforts accordingly
  • ·Exploitation can be chained with secondary vulnerabilities (rpc.walld format string, krb5.conf auth bypass) — file deletion alone may be a precursor to privilege escalation
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.