Home    |    View Topics    |    Search    |    Contact Us    |   



Category:   Application (Generic)  >   Lpsystem Vendors:   Caldera/SCO
Caldera Open Unix (SCO) lpsystem Utility May Let Local Users Gain Elevated Privileges
SecurityTracker Alert ID:  1002300
SecurityTracker URL:
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Aug 29 2001
Impact:   Execution of arbitrary code via local system, User access via local system
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): Open Unix 8.0.0
Description:   A vulnerability was reported in Caldera's lpsystem printer registration utility for Open Unix. A local user may be able to gain elevated privileges.

A local user can provide a long argument to /usr/sbin/lpsystem to trigger a buffer overflow and cause a segmentation fault or possibly cause arbitrary code to be executed.

For example, the following command will reportedly cause a core dump:

/usr/sbin/lpsystem `perl -e 'print "A" x 7000'`

This vulnerability was originally noted by KF (dotslash @

Impact:   A local user may be able to obtain elevated privileges.
Solution:   The vendor has released fix binaries, available at:

md5 checksums:

f2048bf92f7a55e13d2c3fb1ae8670d4 erg711789a.Z

Vendor URL: (Links to External Site)
Cause:   Boundary error
Underlying OS:  UNIX (Open UNIX-SCO)

Message History:   None.

 Source Message Contents

Subject:  Security Update: [CSSA-2001-SCO.15] Open Unix: lpsystem buffer overflow

Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: 8bit            



	    Caldera International, Inc. Security Advisory

Subject:		Open Unix: lpsystem buffer overflow
Advisory number: 	CSSA-2001-SCO.15
Issue date: 		2001 August 28
Cross reference:

1. Problem Description
	A long argument to /usr/sbin/lpsystem can cause lpsystem to
	have a segmentation violation. This might be used by an
	unauthorized user to gain privilege.

2. Vulnerable Versions

	Operating System	Version		Affected Files
	Open Unix		8.0.0		/usr/sbin/lpsystem

3. Workaround


4. Open Unix

  4.1 Location of Fixed Binaries

  4.2 Verification

	md5 checksums:

	f2048bf92f7a55e13d2c3fb1ae8670d4	erg711789a.Z

	md5 is available for download from

  4.3 Installing Fixed Binaries

	Upgrade the affected binaries with the following commands:

	# uncompress /tmp/erg711789a.Z
	# pkgadd -d /tmp/erg711789a

5. References

6. Disclaimer

	Caldera International, Inc. is not responsible for the misuse
	of any of the information we provide on our website and/or
	through our security advisories. Our advisories are a service
	to our customers intended to promote secure installation and
	use of Caldera International products.


	Caldera International wishes to thank KF <>
	for discovering and reporting this problem.

Content-Type: application/pgp-signature
Content-Disposition: inline

Version: GnuPG v1.0.6 (SCO_SV)
Comment: For info see




Go to the Top of This SecurityTracker Archive Page

Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, LLC