Vulnerability Name: CVE-2003-0144 (CCN-11473)
Assigned: 2003-03-05
Published: 2003-03-05
Updated: 2017-07-11
Summary: Buffer overflow in the lprm command in the lprold lpr package on SuSE 7.1 through 7.3, OpenBSD 3.2 and earlier, and possibly other operating systems, allows local users to gain root privileges via long command line arguments such as (1) request ID or (2) user name.
CVSS v3 Severity: 9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
CVSS v2 Severity: 7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
Vulnerability Type: CWE-Other
Vulnerability Consequences: Gain Privileges
References:
Source: CONFIRM Type: UNKNOWN ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/010_lprm.patch
Source: CCN Type: SGI Security Advisory 20030406-01-P Multiple Vulnerabilities in BSD LPR Subsystem
Source: CCN Type: SGI Security Advisory 20030406-02-P Multiple Vulnerabilities in BSD LPR Subsystem
Source: SGI Type: UNKNOWN 20030406-02-P
Source: CCN Type: BugTraq Mailing List, Wed Mar 05 2003 - 16:33:25 CST potential buffer overflow in lprm (fwd)
Source: MITRE Type: CNA CVE-2003-0144
Source: BUGTRAQ Type: UNKNOWN 20030305 potential buffer overflow in lprm (fwd)
Source: BUGTRAQ Type: UNKNOWN 20030308 OpenBSD lprm(1) exploit
Source: CCN Type: SA8293 SuSE lprm command buffer overflow
Source: SECUNIA Type: UNKNOWN 8293
Source: CCN Type: CIAC Information Bulletin N-076 Multiple Vulnerabilities in BSD LPR Subsystem
Source: DEBIAN Type: UNKNOWN DSA-267
Source: DEBIAN Type: UNKNOWN DSA-275
Source: DEBIAN Type: DSA 267-1 lpr -- buffer overflow
Source: DEBIAN Type: DSA-267 lpr -- buffer overflow
Source: DEBIAN Type: DSA-275 lpr-ppd -- buffer overflow
Source: MANDRAKE Type: UNKNOWN MDKSA-2003:059
Source: SUSE Type: UNKNOWN SuSE-SA:2003:0014
Source: CCN Type: OpenBSD Web site 010: SECURITY FIX: March 5, 2003
Source: CCN Type: OSVDB ID: 7549 lprold lpr Package lprm Command Line Overflow
Source: BID Type: Exploit, Patch, Vendor Advisory 7025
Source: CCN Type: BID-7025 Multiple Vendor LPRM Local Buffer Overflow Vulnerability
Source: CCN Type: TLSA-2003-21 Buffer overflows
Source: XF Type: UNKNOWN lprm-bo(11473)
Source: SUSE Type: SUSE-SA:2003:0014 lprold: local privilege escalation