CVE-2007-5381

Cisco IOS - Stack-based Buffer Overflow via Long Hostname in LPD Error Message

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-5381. PoCs published by Andy Davis.

AI-analyzed exploit summary This is a writeup describing a remote buffer overflow vulnerability in Cisco IOS LPD service. It provides details on exploitation via SNMP hostname manipulation and a subsequent crash trigger via telnet to port 515.

Description

Stack-based buffer overflow in the Line Printer Daemon (LPD) in Cisco IOS before 12.2(18)SXF11, 12.4(16a), and 12.4(2)T6 allow remote attackers to execute arbitrary code by setting a long hostname on the target system, then causing an error message to be printed, as demonstrated by a telnet session to the LPD from a source port other than 515.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Andy Davis · textremotehardware

https://www.exploit-db.com/exploits/30652

View Code ZIP pw:eip

This is a writeup describing a remote buffer overflow vulnerability in Cisco IOS LPD service. It provides details on exploitation via SNMP hostname manipulation and a subsequent crash trigger via telnet to port 515.

Classification

Writeup 90%

Attack Type

Dos

Complexity

Moderate

Reliability

Theoretical

Target: Cisco IOS versions prior to 12.2(18)SXF11, 12.4(16a), and 12.4(2)T6

Auth required

Prerequisites: SNMP write access to the target device · Ability to change the hostname of the affected router

MITRE ATT&CK