Vulnerability Name:

CVE-2001-0670 (CCN-7046)

Assigned:2001-08-29
Published:2001-08-29
Updated:2017-10-10
Summary:Buffer overflow in BSD line printer daemon (in.lpd or lpd) in various BSD-based operating systems allows remote attackers to execute arbitrary code via an incomplete print job followed by a request to display the printer queue.
CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Privileges
References:Source: CCN
Type: NetBSD Security Advisory 2001-018
Remote Buffer Overflow Vulnerability in BSD Line Printer Daemon

Source: NETBSD
Type: UNKNOWN
NetBSD-SA2001-018

Source: CCN
Type: Caldera International, Inc. Security Advisory CSSA-2001-SCO.20
OpenServer: remote buffer overflow vulnerability in BSD line printer daemon

Source: CCN
Type: Caldera International, Inc. Security Advisory CSSA-2001-SCO.20.1
OpenServer: remote buffer overflow vulnerability in BSD line printer daemon

Source: CALDERA
Type: Patch
CSSA-2001-SCO.20

Source: CCN
Type: IBM Managed Security Services Outside Advisory Redistribution MSS-OAR-E01-2001:391.1
IBM AIX: Buffer Overflow Vulnerabilities in lpd

Source: CCN
Type: FreeBSD Security Advisory FreeBSD-SA-01:58
lpd contains remote root vulnerability

Source: MITRE
Type: CNA
CVE-2001-0670

Source: CCN
Type: RHSA-2001-147
remote exploit possible in lpd

Source: CCN
Type: BSDI Support Web site
BSD/OS Internet Server 4.1 Mods (patches)

Source: CCN
Type: CERT Advisory CA-2001-30
Multiple Vulnerabilities in lpd

Source: CERT
Type: US Government Resource
CA-2001-30

Source: CCN
Type: CIAC Information Bulletin L-137
FreeBSD lpd Remote Root Vulnerability

Source: CCN
Type: CIAC Information Bulletin M-014
UNIX - Multiple Vulnerabilities In LPD

Source: CCN
Type: FreeBSD, Inc. Web site
FreeBSD Security Information

Source: CCN
Type: Internet Security Systems Security Alert #94
Remote Buffer Overflow Vulnerability in BSD Line Printer Daemon

Source: CCN
Type: US-CERT VU#274043
BSD Line Printer Daemon vulnerable to buffer overflow via crafted print request

Source: CERT-VN
Type: US Government Resource
VU#274043

Source: CCN
Type: The NetBSD Project Web site
The NetBSD Project

Source: CCN
Type: OpenBSD Web site
OpenBSD 2.9 errata

Source: OPENBSD
Type: Patch
20010829

Source: CCN
Type: OSVDB ID: 1945
Multiple Unix Vendor lpd Incomplete Print Job Display Queue Overflow

Source: REDHAT
Type: UNKNOWN
RHSA-2001:147

Source: BID
Type: UNKNOWN
3252

Source: CCN
Type: BID-3252
Multiple BSD Vendor lpd Buffer Overflow Vulnerability

Source: CCN
Type: BID-3417
SuSE LPROld Remote File Ownership Changing Vulnerability

Source: CCN
Type: SuSE Security Announcement SuSE-SA:2001:033
lprold

Source: ISS
Type: Patch, Vendor Advisory
20010829 Remote Buffer Overflow Vulnerability in BSD Line Printer Daemon

Source: XF
Type: UNKNOWN
bsd-lpd-bo(7046)

Source: XF
Type: UNKNOWN
bsd-lpd-bo(7046)

Vulnerable Configuration:Configuration 1:
  • cpe:/o:bsd:bsd:*:*:*:*:*:*:*:* (Version <= 4.1)
  • OR cpe:/o:freebsd:freebsd:*:*:*:*:*:*:*:* (Version <= 4.3)
  • OR cpe:/o:netbsd:netbsd:*:*:*:*:*:*:*:* (Version <= 1.5.1)
  • OR cpe:/o:openbsd:openbsd:*:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/o:windriver:bsdos:2.1:*:*:*:*:*:*:*
  • OR cpe:/o:ibm:aix:4.3:*:*:*:*:*:*:*
  • OR cpe:/o:netbsd:netbsd:1.4.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:6.2:*:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:6.3:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:6.4:*:*:*:*:*:*:*
  • OR cpe:/o:netbsd:netbsd:1.4.2:*:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:3.5:*:*:*:*:*:*:*
  • OR cpe:/o:netbsd:netbsd:1.4:*:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:4.1.1:*:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:4.1:*:*:*:*:*:*:*
  • OR cpe:/o:netbsd:netbsd:1.5:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:7.0:*:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:4.2:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:7.1:*:*:*:*:*:*:*
  • OR cpe:/o:ibm:aix:5.1:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:7.2:*:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:4.3:-:*:*:*:*:*:*
  • OR cpe:/o:netbsd:netbsd:1.4.3:*:*:*:*:*:*:*
  • OR cpe:/o:netbsd:netbsd:1.5.1:*:*:*:*:*:*:*
  • OR cpe:/o:openbsd:openbsd:current:*:*:*:*:*:*:*
  • OR cpe:/o:netbsd:netbsd:1.5.2:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    bsd bsd *
    freebsd freebsd *
    netbsd netbsd *
    openbsd openbsd *
    windriver bsdos 2.1
    ibm aix 4.3
    netbsd netbsd 1.4.1
    redhat linux 6.2
    freebsd freebsd 4.0
    suse suse linux 6.3
    suse suse linux 6.4
    netbsd netbsd 1.4.2
    freebsd freebsd 3.5
    netbsd netbsd 1.4
    freebsd freebsd 4.1.1
    freebsd freebsd 4.1
    netbsd netbsd 1.5
    suse suse linux 7.0
    freebsd freebsd 4.2
    suse suse linux 7.1
    ibm aix 5.1
    suse suse linux 7.2
    freebsd freebsd 4.3 -
    netbsd netbsd 1.4.3
    netbsd netbsd 1.5.1
    openbsd openbsd current
    netbsd netbsd 1.5.2