NeXTstep "npd" program could allow an attacker to gain root privileges

nextstep-npd-root-access (7143) The risk level is classified as HighHigh Risk

Description:

NeXTstep could allow a remote attacker to gain elevated system privileges, caused by a vulnerability in the '/usr/lib/NextPrinter/npd' program. On systems that have publicly accessible printers and weak directory permissions, a remote attacker could use this vulnerability to gain root privileges.

Platforms Affected:

  • NeXT, NeXTstep 1.0 and 1.0a

Remedy:

Upgrade to a more secure version of 'lpd' and change the permissions of directories on the system that are currently owned and able to be written by group "wheel", as listed in CERT Advisory CA-1990-06. See References.

Consequences:

Gain Privileges

References:

  • CERT Advisory CA-1990-06, NeXT's System Software at http://www.cert.org/advisories/CA-1990-06.html.
  • CIAC Information Bulletin B-01, Security Problem on the NeXT Operating System at http://ciac.llnl.gov/ciac/bulletins/b-01.shtml.
  • BID-10: NeXTstep npd Vulnerability
  • BID-1000: Microsoft Windows Media Services Handshake Sequence DoS Vulnerability
  • BID-10002: cPanel Multiple Module Cross-Site Scripting Vulnerabilities
  • BID-10003: TCPDump ISAKMP Delete Payload Buffer Overrun Vulnerability
  • BID-10004: TCPDump ISAKMP Identification Payload Integer Underflow Vulnerability
  • BID-10005: Interchange Remote Information Disclosure Vulnerability
  • BID-10007: Clam Anti-Virus ClamAV Arbitrary Command Execution Vulnerability
  • BID-10008: MPlayer Remote HTTP Header Buffer Overflow Vulnerability
  • BID-10009: Oracle Single Sign-On Login Page Authentication Credential Disclosure Vulnerability
  • BID-1001: InterAccess TelnetD Server 4.0 Terminal Configuration Vulnerability
  • BID-10010: LinBit Technologies LINBOX Officeserver Remote Authentication Bypass Vulnerability
  • BID-10013: PHPKit Multiple HTML Injection Vulnerabilities
  • BID-10017: JamesOff QuoteEngine Multiple Parameter Unspecified SQL Injection Vulnerability
  • BID-10018: MadBMS Unspecified Login Vulnerability
  • BID-10019: Cactusoft CactuShop SQL Injection Vulnerability
  • BID-1002: Sambar Server Batch CGI Vulnerability
  • BID-10020: CactuSoft CactuShop Cross-Site Scripting Vulnerability
  • BID-10022: Roger Wilco Server UDP Datagram Handling Denial Of Service Vulnerability
  • BID-10024: Roger Wilco Information Disclosure Vulnerability
  • BID-10025: Roger Wilco Server Unauthorized Audio Stream Denial Of Service Vulnerability
  • BID-10026: ADA IMGSVR Remote Directory Listing Vulnerability
  • BID-10027: ADA IMGSVR Remote File Download Vulnerability
  • BID-10028: OpenBSD ISAKMPD Zero Payload Length Denial Of Service Vulnerability
  • BID-1003: FTPx FTP Explorer Weak Password Encryption Vulnerability
  • BID-10033: HAHTsite Scenario Server Project File Name Buffer Overrun Vulnerability
  • BID-10036: Macromedia Dreamweaver Remote User Database Access Vulnerability
  • BID-10037: SGI IRIX ftpd Multiple Denial Of Service Vulnerabilities
  • CVE-1999-1391: Vulnerability in NeXT 1.0a and 1.0 with publicly accessible printers allows local users to gain privileges via a combination of the npd program and weak directory permissions.

Reported:

Oct 03, 1990

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

Copyright (c) 1994-2008 Internet Security Systems, Inc. All rights reserved worldwide.

For corrections or additions please email xforce@iss.net

Return to the main page