CVE-2005-4797 : Directory traversal vulnerability in printd line printer daemon (lpd) in Solaris 7 through 10 allows remote attackers to

Directory traversal vulnerability in printd line printer daemon (lpd) in Solaris 7 through 10 allows remote attackers to delete arbitrary files via ".." sequences in an "Unlink data file" command.

Published 2005-12-31 05:00:00

Updated 2018-10-30 16:26:23

Source MITRE

View at NVD, CVE.org

Vulnerability category: Directory traversal

Threat overview for CVE-2005-4797

Top countries where our scanners detected CVE-2005-4797

Top open port discovered on systems with this issue 554

IPs affected by CVE-2005-4797 2

Threat actors abusing to this issue? Yes

Find out if you^* are affected by CVE-2005-4797!

^*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.

Exploit prediction scoring system (EPSS) score for CVE-2005-4797

Probability of exploitation activity in the next 30 days: 96.19%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 99 % EPSS Score History EPSS FAQ

Metasploit modules for CVE-2005-4797

Solaris LPD Arbitrary File Delete

First seen: 2020-04-26

auxiliary/dos/solaris/lpd/cascade_delete

This module uses a vulnerability in the Solaris line printer daemon to delete arbitrary files on an affected system. This can be used to exploit the rpc.walld format string flaw, the missing krb5.conf authentication bypass, or simply delete system files. Test

More information

CVSS scores for CVE-2005-4797

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.0	MEDIUM	AV:N/AC:L/Au:N/C:N/I:P/A:N	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: None

References for CVE-2005-4797

http://securitytracker.com/id?1014635

Patch
http://downloads.securityfocus.com/vulnerabilities/exploits/solaris_lpd_unlink.pm

Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/21773
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101842-1

Patch
http://www.ciac.org/ciac/bulletins/p-280.shtml

Patch;Vendor Advisory
http://www.vupen.com/english/advisories/2005/1342
http://www.securityfocus.com/bid/14510

Sun Solaris Printd Arbitrary File Deletion Vulnerability
Exploit;Patch

Products affected by CVE-2005-4797

SUN » Sunos » Version: 5.7
cpe:2.3:o:sun:sunos:5.7:*:*:*:*:*:*:*
Matching versions
SUN » Sunos » Version: 5.8
cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*
Matching versions
SUN » Solaris » Version: 7.0 X86 Edition
cpe:2.3:o:sun:solaris:7.0:*:x86:*:*:*:*:*
Matching versions
SUN » Solaris » Version: 9.0 Sparc Edition
cpe:2.3:o:sun:solaris:9.0:*:sparc:*:*:*:*:*
Matching versions
SUN » Solaris » Version: 8.0 X86 Edition
cpe:2.3:o:sun:solaris:8.0:*:x86:*:*:*:*:*
Matching versions
SUN » Solaris » Version: 9.0 Update X86 Update 2
cpe:2.3:o:sun:solaris:9.0:x86_update_2:*:*:*:*:*:*
Matching versions
SUN » Solaris » Version: 9.0 X86 Edition
cpe:2.3:o:sun:solaris:9.0:*:x86:*:*:*:*:*
Matching versions
SUN » Solaris » Version: 10.0 Sparc Edition
cpe:2.3:o:sun:solaris:10.0:*:sparc:*:*:*:*:*
Matching versions
SUN » Solaris » Version: 10.0 X86 Edition
cpe:2.3:o:sun:solaris:10.0:*:x86:*:*:*:*:*
Matching versions