CVE-2005-4797

Solaris <10 - Path Traversal

Title source: llm

Description

Directory traversal vulnerability in printd line printer daemon (lpd) in Solaris 7 through 10 allows remote attackers to delete arbitrary files via ".." sequences in an "Unlink data file" command.

Exploits (1)

metasploit WORKING POC

by hdm · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/dos/solaris/lpd/cascade_delete.rb

View Code ZIP pw:eip

References (9)

[Exploit] http://downloads.securityfocus.com/vulnerabilities/exploits/solaris_lpd_unlink.pm

[Patch, Vendor Advisory] http://secunia.com/advisories/16367

[Patch] http://securitytracker.com/id?1014635

[Patch] http://sunsolve.sun.com/search/document.do?assetkey=1-26-101842-1

[Patch, Vendor Advisory] http://www.ciac.org/ciac/bulletins/p-280.shtml

[Exploit, Patch] http://www.securityfocus.com/bid/14510

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/21773

[Third Party Advisory, VDB Entry] http://www.osvdb.org/18650

[Third Party Advisory] http://www.vupen.com/english/advisories/2005/1342

Scores

EPSS 0.7327

EPSS Percentile 98.8%

Details

Status published

Products (6)

sun/solaris 7.0

sun/solaris 8.0

sun/solaris 9.0 (3 CPE variants)

sun/solaris 10.0 (2 CPE variants)

sun/sunos 5.7

sun/sunos 5.8

Published Dec 31, 2005

Tracked Since Feb 18, 2026