| Vulnerability Name: | CVE-2000-0880 (CCN-5200) | ||||||||
| Assigned: | 2000-09-06 | ||||||||
| Published: | 2000-09-06 | ||||||||
| Updated: | 2017-12-19 | ||||||||
| Summary: | LPPlus creates the lpdprocess file with world-writeable permissions, which allows local users to kill arbitrary processes by specifying an alternate process ID and using the setuid dcclpdshut program to kill the process that was specified in the lpdprocess file. | ||||||||
| CVSS v3 Severity: | 4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
| ||||||||
| CVSS v2 Severity: | 3.6 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:P/A:P)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Denial of Service | ||||||||
| References: | Source: BUGTRAQ Type: Vendor Advisory 20000906 Multiple Security Holes in LPPlus Source: CCN Type: BugTraq Mailing List, Wed Sep 06 2000 - 08:06:49 CDT Multiple Security Holes in LPPlus Source: MITRE Type: CNA CVE-2000-0880 Source: CCN Type: OSVDB ID: 13739 LPPlus lpdprocess File Permission Weakness Arbitrary Process Termination Source: CCN Type: Plus Technologies Web site Delivery-ware Solutions Source: BID Type: Exploit, Vendor Advisory 1643 Source: CCN Type: BID-1643 LPPlus Permissions DoS Vulnerabilities Source: XF Type: UNKNOWN lpplus-process-perms-dos(5200) Source: XF Type: UNKNOWN lpplus-process-perms-dos(5200) | ||||||||
| Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||
| BACK | |||||||||