Alias(es)Hummingbird.InetD.LPD.Component.Buffer.Overflow |
Release DateOct 18, 2006 |
Severitymedium |
ImpactSystem compromise: execution of arbitrary code in the context of the affected applications. |
DescriptionThis indicates an attempt to exploit a buffer-overflow vulnerability in Hummingbird Connectivity LPD printer daemon.The vulnerability is a stack-based buffer overflow that is a result of the software's failure to do proper bounds checking on user supplied data. This may allow a remote attacker to cause a denial of service and possibly execute arbitrary code on a vulnerable system. |
Affected ProductsHummingbird Connectivity 10.0Hummingbird Connectivity 9.0 Hummingbird Connectivity 7.1 SAP GUI SAPlpd 6.28 and earlier. |
Recommended ActionsThe vendors have released patches that address this issue. Please see the referenced advisory for further information.For Hummingbird Connectivity 10.0 * Hummingbird lpdw_10001.zip http://support.hummingbird.com/customer/download.asp?r2=/exceed/10/lpd w_10001.zip For Hummingbird Connectivity 9.0 * Hummingbird lpdw_9001.zip http://support.hummingbird.com/customer/download.asp?r2=/exceed/900/lp dw_9001.zip For SAP GUI SAPlpd: Update at least to -patch level 6 for version 7 -patch level 30 for version 6.40 -patch level 72 for version 6.20 |
Coverage IPS
VCM |
Common Vulnerabilities and Exposures (CVE)CVE-2008-0621CVE-2005-1815 |
Reference/shttp://www.securityfocus.com/bid/27613 (BugTraq)http://www.securityfocus.com/bid/13788 (BugTraq) |
