High

CVE-2003-0144 - Unspecified vulnerability in multiple products

Publication: 2003-03-31
Summary

Buffer overflow in the lprm command in the lprold lpr package on SuSE 7.1 through 7.3, OpenBSD 3.2 and earlier, and possibly other operating systems, allows local users to gain root privileges via long command line arguments such as (1) request ID or (2) user name.

Risk level (CVSS 7.2)

High

7.2

Access Vector

  • Network
  • Adjacent Network
  • Local

Access Complexity

  • Low
  • Medium
  • High

Authentication

  • None
  • Single
  • Multiple

Confident. Impact

  • Complete
  • Partial
  • None

Integrity Impact

  • Complete
  • Partial
  • None

Affected Products

  • BSD LPR 0.48
  • Openbsd Openbsd 2.0
  • Openbsd Openbsd 2.1
  • Openbsd Openbsd 2.2
  • Freebsd Freebsd 2.2
  • Freebsd Freebsd 2.2.2
  • Freebsd Freebsd 2.2.3
  • Freebsd Freebsd 2.2.4
  • Freebsd Freebsd 2.2.5
  • Freebsd Freebsd 2.2.6
  • Openbsd Openbsd 2.3
  • Openbsd Openbsd 2.4
  • Openbsd Openbsd 2.5
  • Openbsd Openbsd 2.6
  • Openbsd Openbsd 2.7
  • Openbsd Openbsd 2.8
  • Openbsd Openbsd 2.9
  • Openbsd Openbsd 3.0
  • BSD LPR 2000-05-07
  • Lprold Lprold 3.0.48
  • Openbsd Openbsd 3.1
  • Openbsd Openbsd 3.2