Vulnerabilities > CVE-2000-1221

CVSS 10.0 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

low complexity

sgi

debian

redhat

critical

exploit available

NVD

Published: 2000-01-08

Updated: 2017-07-11

Summary

The line printer daemon (lpd) in the lpr package in multiple Linux operating systems authenticates by comparing the reverse-resolved hostname of the local machine to the hostname of the print server as returned by gethostname, which allows remote attackers to bypass intended access controls by modifying the DNS for the attacking IP.

Vulnerable Configurations

Part	Description	Count
OS	Sgi SGI Irix 6.5 SGI Irix 6.5.1 SGI Irix 6.5.2 SGI Irix 6.5.3 SGI Irix 6.5.4 SGI Irix 6.5.5 SGI Irix 6.5.6 SGI Irix 6.5.7 SGI Irix 6.5.8 SGI Irix 6.5.9 SGI Irix 6.5.10 SGI Irix 6.5.11 SGI Irix 6.5.12 SGI Irix 6.5.13 SGI Irix 6.5.14F SGI Irix 6.5.14M SGI Irix 6.5.15F SGI Irix 6.5.15M SGI Irix 6.5.16F SGI Irix 6.5.16M SGI Irix 6.5.17F SGI Irix 6.5.17M SGI Irix 6.5.18F SGI Irix 6.5.18M	24
OS	Debian Debian Debian Linux 2.1	1
OS	Redhat Redhat Linux 4.1 Redhat Linux 4.2 Redhat Linux 5.0 Redhat Linux 5.2 Redhat Linux 6.0 Redhat Linux 6.1	6

Exploit-Db

description	RedHat 6.1,IRIX 6.5.18 lpd Vulnerabilities. CVE-2000-1221. Remote exploit for unix platform
id	EDB-ID:19722
last seen	2016-02-02
modified	2000-01-11
published	2000-01-11
reporter	anonymous
source	https://www.exploit-db.com/download/19722/
title	RedHat <= 6.1,IRIX <= 6.5.18 lpd Vulnerabilities

Redhat

advisories

rhsa

id	RHSA-2000:002

Vulnerabilities > CVE-2000-1221 {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"CVE-2000-1221"}]}

Summary

Vulnerable Configurations

Exploit-Db

Redhat

References

Vulnerabilities > CVE-2000-1221