LPD.Command.Buffer.Overflow

Alias/es: Hummingbird.InetD.LPD.Component.Buffer.Overflow
Last Updated Date: Apr 15, 2008
Release Date: Oct 18, 2006
Severity: High
Impact: System compromise: execution of arbitrary code in the context of the affected applications.
Description: This indicates an attempt to exploit a buffer-overflow vulnerability in the Hummingbird Connectivity LPD printer daemon.

The vulnerability is a stack-based buffer overflow caused by the software's failure to perform proper bounds checking on user-supplied data. This may allow a remote attacker to cause a denial of service and possibly execute arbitrary code on a vulnerable system.
Affected Products:
Hummingbird Connectivity 10.0
Hummingbird Connectivity 9.0
Hummingbird Connectivity 7.1
SAP GUI SAPlpd 6.28 and earlier.
Recommended Actions: The vendors have released patches that address this issue. Please see the referenced advisory for further information.

For Hummingbird Connectivity 10.0

* Hummingbird lpdw_10001.zip
http://support.hummingbird.com/customer/download.asp?r2=/exceed/10/lpdw_10001.zip


For Hummingbird Connectivity 9.0

* Hummingbird lpdw_9001.zip
http://support.hummingbird.com/customer/download.asp?r2=/exceed/900/lpdw_9001.zip

For SAP GUI SAPlpd:

Update at least to:
- patch level 6 for version 7
- patch level 30 for version 6.40
- patch level 72 for version 6.20
Common Vulnerabilities and Exposures (CVE):
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2005-1815
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2008-0621
Reference/s:
http://www.securityfocus.com/bid/13788 (BugTraq)
http://www.securityfocus.com/bid/27613 (BugTraq)
Reference: VID-13337