Vulnerability CVE-2000-0880


Published: 2000-11-14   Modified: 2012-02-12

Description:
LPPlus creates the lpdprocess file with world-writeable permissions, which allows local users to kill arbitrary processes by specifying an alternate process ID and using the setuid dcclpdshut program to kill the process that was specified in the lpdprocess file.

Type:

CWE-Other

CVSS2 => (AV:L/AC:L/Au:N/C:N/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
3.6/10
4.9/10
3.9/10
Exploit range
Attack complexity
Authentication
Local
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
Partial
Partial
Affected software
Plus technologies -> Lpplus 

 References:
http://archives.neohapsis.com/archives/bugtraq/2000-08/0531.html
http://www.securityfocus.com/bid/1643
https://exchange.xforce.ibmcloud.com/vulnerabilities/5200

Copyright 2024, cxsecurity.com

 

Back to Top