Vulnerability Name:

CVE-2000-0917 (CCN-5287)

Assigned:2000-09-25
Published:2000-09-25
Updated:2017-10-10
Summary:Format string vulnerability in use_syslog() function in LPRng 3.6.24 allows remote attackers to execute arbitrary commands.
CVSS v3 Severity:10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: CCN
Type: FreeBSD Security Advisory FreeBSD-SA-00:56
LPRng contains potential root compromise

Source: FREEBSD
Type: UNKNOWN
FreeBSD-SA-00:56

Source: CCN
Type: Caldera International, Inc. Security Advisory CSSA-2000-033.0
format bug in LPRng

Source: BUGTRAQ
Type: UNKNOWN
20000925 Format strings: bug #2: LPRng

Source: CCN
Type: BugTraq Mailing List, Mon Sep 25 2000 - 18:57:43 CDT
Format strings: bug #2: LPRng

Source: MITRE
Type: CNA
CVE-2000-0917

Source: CCN
Type: RHSA-2000:065-04
LPRng contains a critical string format bug

Source: CCN
Type: TurboLinux Security Announcement TLSA2001001-1
LPRng-3.6.26-1

Source: CALDERA
Type: UNKNOWN
CSSA-2000-033.0

Source: CCN
Type: CERT Advisory CA-2000-22
Input Validation Problems in LPRng

Source: CERT
Type: US Government Resource
CA-2000-22

Source: CCN
Type: CIAC Information Bulletin L-004
FreeBSD LPRng Vulnerability

Source: CCN
Type: CIAC Information Bulletin L-025
LPRng Format String Vulnerability

Source: CCN
Type: US-CERT VU#382365
LPRng can pass user-supplied input as a format string parameter to syslog() calls

Source: CCN
Type: OSVDB ID: 421
LPRng use_syslog() Remote Format String

Source: REDHAT
Type: UNKNOWN
RHSA-2000:065

Source: BID
Type: Exploit, Patch, Vendor Advisory
1712

Source: CCN
Type: BID-1712
Multiple Vendor LPRng User-Supplied Format String Vulnerability

Source: XF
Type: UNKNOWN
lprng-format-string(5287)

Source: XF
Type: UNKNOWN
lprng-format-string(5287)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:caldera:openlinux_ebuilder:3.0:*:*:*:*:*:*:*

    • Configuration 2:
  • cpe:/o:caldera:openlinux:*:*:*:*:*:*:*:*
  • OR cpe:/o:caldera:openlinux_edesktop:2.4:*:*:*:*:*:*:*
  • OR cpe:/o:caldera:openlinux_eserver:2.3:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.0:*:*:*:*:*:*:*
  • OR cpe:/o:trustix:secure_linux:1.0:*:*:*:*:*:*:*
  • OR cpe:/o:trustix:secure_linux:1.1:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/o:linux:linux_kernel:*:*:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:*:*:*:*:*:*:*:*
  • OR cpe:/o:turbolinux:turbolinux:*:*:*:*:*:*:*:*
  • OR cpe:/o:caldera:openlinux:2.3:*:*:*:*:*:*:*
  • OR cpe:/o:caldera:openlinux:2.4:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.1:*:*:*:*:*:*:*
  • OR cpe:/o:compaq:tru64:*:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.2:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.3:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    caldera openlinux ebuilder 3.0
    caldera openlinux *
    caldera openlinux edesktop 2.4
    caldera openlinux eserver 2.3
    redhat linux 7.0
    trustix secure linux 1.0
    trustix secure linux 1.1
    linux linux kernel *
    freebsd freebsd *
    turbolinux turbolinux *
    caldera openlinux 2.3
    caldera openlinux 2.4
    redhat linux 7
    redhat linux 7.1
    compaq tru64 *
    redhat linux 7.2
    redhat linux 7.3