CVE-2005-3277 Information

Description

The LPD service in HP-UX 10.20 11.11 (11i) and earlier allows remote attackers to execute arbitrary code via shell metacharacters (`\ or single backquote) in a request that is not properly handled when an error occurs as demonstrated by killing the connection a different vulnerability than CVE-2002-1473.

Reference

http://archives.neohapsis.com/archives/hp/2002-q3/0064.html http://www.frsirt.com/exploits/20051019.hpux_lpd_exec.pm.php http://www.securityfocus.com/bid/15136