Vulnerability CVE-2003-0144


Published: 2003-03-31   Modified: 2012-02-12

Description:
Buffer overflow in the lprm command in the lprold lpr package on SuSE 7.1 through 7.3, OpenBSD 3.2 and earlier, and possibly other operating systems, allows local users to gain root privileges via long command line arguments such as (1) request ID or (2) user name.

CVSS2 => (AV:L/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.2/10
10/10
3.9/10
Exploit range
Attack complexity
Authentication
Local
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Openbsd -> Openbsd 
Lprold -> Lprold 
Freebsd -> Freebsd 
BSD -> LPR 

 References:
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/010_lprm.patch
ftp://patches.sgi.com/support/free/security/advisories/20030406-02-P
http://marc.info/?l=bugtraq&m=104690434504429&w=2
http://marc.info/?l=bugtraq&m=104714441925019&w=2
http://www.debian.org/security/2003/dsa-267
http://www.debian.org/security/2003/dsa-275
http://www.mandriva.com/security/advisories?name=MDKSA-2003:059
http://www.novell.com/linux/security/advisories/2003_014_lprold.html
http://www.securityfocus.com/bid/7025
https://exchange.xforce.ibmcloud.com/vulnerabilities/11473

Copyright 2024, cxsecurity.com

 

Back to Top