Vulnerabilities > CVE-2000-1220
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
The line printer daemon (lpd) in the lpr package in multiple Linux operating systems allows local users to gain root privileges by causing sendmail to execute with arbitrary command line arguments, as demonstrated using the -C option to specify a configuration file.
Vulnerable Configurations
Exploit-Db
description | BSD and Linux lpr Command Local Root Exploit. CVE-2000-1220. Local exploit for linux platform |
id | EDB-ID:325 |
last seen | 2016-01-31 |
modified | 1996-10-25 |
published | 1996-10-25 |
reporter | Vadim Kolontsov |
source | https://www.exploit-db.com/download/325/ |
title | BSD & Linux - lpr Command Local Root Exploit |
Redhat
advisories |
|
References
- ftp://patches.sgi.com/support/free/security/advisories/20021104-01-P
- http://seclists.org/lists/bugtraq/2000/Jan/0116.html
- http://www.atstake.com/research/advisories/2000/lpd_advisory.txt
- http://www.debian.org/security/2000/20000109
- http://www.kb.cert.org/vuls/id/39001
- http://www.l0pht.com/advisories/lpd_advisory
- http://www.redhat.com/support/errata/RHSA-2000-002.html
- http://www.securityfocus.com/bid/927
- https://exchange.xforce.ibmcloud.com/vulnerabilities/3841