Title: HP-UX RLPDaemon Arbitrary Log File Creation Vulnerability
Severity: HIGH
Description:
HP-UX is the Unix Operating System developed and distributed by Hewlett Packard.
A problem within the operating system could make it possible for a local user to gain elevated privileges. The problem is in the creation of log files by the rlpdaemon.
The rlpdaemon is the daemon designed to manage print facilities. It is included with default installations of the operating system. There are three supported options that can be invoked by command line flags with the program. The -i option causes the daemon to quit after a request is processed (in the case that it is run via inetd). The -l option instructs the program to log transaction data, default to /var/adm/lp/lpd.log. The -L option allows the executing user to specify the location in which the data should be logged if a place other than /var/adm/lp/lpd.log is desired.
The problem manifests itself when the program is invoked with all three supported flags (-i, -l, and -L). The rlpdaemon program is setuid root. When executed with all three flags, the program can be used to create a file in any place on the file system. With carefully crafted requests, a local user could generate a log file in a specific place with any file name, and could allow the user to gain elevated privileges.
This problem could result in a user gaining elevated privileges, including administrative access.
Affected Products:
- HP HP-UX 10.20.0
- HP HP-UX 11.0.0
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
