Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2003-0144

Overview

Vulnerability Score 7.2 7.2
CVE Id CVE-2003-0144
Last Modified 10 Sep 2008 03:18:03
Published 31 Mar 2003 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2003-0144

Summary

Buffer overflow in the lprm command in the lprold lpr package on SuSE 7.1 through 7.3, OpenBSD 3.2 and earlier, and possibly other operating systems, allows local users to gain root privileges via long command line arguments such as (1) request ID or (2) user name.

Vulnerable Systems

Operating System

  • Bsd Lpr 0.48

  • Bsd Lpr 2000-05-07

  • Freebsd 2.2

  • Freebsd 2.2.2

  • Freebsd 2.2.3

  • Freebsd 2.2.4

  • Freebsd 2.2.5

  • Freebsd 2.2.6

  • Openbsd 2.0

  • Openbsd 2.1

  • Openbsd 2.2

  • Openbsd 2.3

  • Openbsd 2.4

  • Openbsd 2.5

  • Openbsd 2.6

  • Openbsd 2.7

  • Openbsd 2.8

  • Openbsd 2.9

  • Openbsd 3.0

  • Openbsd 3.1

  • Openbsd 3.2

Application

  • Lprold 3.0.48


References

BID - 7025

XF - lprm-bo(11473)

SUSE - SuSE-SA:2003:0014

DEBIAN - DSA-275

DEBIAN - DSA-267

SGI - 20030406-02-P

CONFIRM - ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/010_lprm.patch

MANDRAKE - MDKSA-2003:059

SECUNIA - 8293

BUGTRAQ - 20030308 OpenBSD lprm(1) exploit

BUGTRAQ - 20030305 potential buffer overflow in lprm (fwd)


Last Updated: 27 May 2016 10:37:48