Vulnerability Description
LPPlus creates the lpdprocess file with world-writeable permissions, which allows local users to kill arbitrary processes by specifying an alternate process ID and using the setuid dcclpdshut program to kill the process that was specified in the lpdprocess file.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Plus Technologies | Lpplus | 3.2.2 |
References
- http://archives.neohapsis.com/archives/bugtraq/2000-08/0531.htmlVendor Advisory
- http://www.securityfocus.com/bid/1643ExploitVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/5200
- http://archives.neohapsis.com/archives/bugtraq/2000-08/0531.htmlVendor Advisory
- http://www.securityfocus.com/bid/1643ExploitVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/5200
FAQ
What is CVE-2000-0880?
CVE-2000-0880 is a vulnerability with a CVSS score of 3.6 (LOW). LPPlus creates the lpdprocess file with world-writeable permissions, which allows local users to kill arbitrary processes by specifying an alternate process ID and using the setuid dcclpdshut program ...
How severe is CVE-2000-0880?
CVE-2000-0880 has been rated LOW with a CVSS base score of 3.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2000-0880?
Check the references section above for vendor advisories and patch information. Affected products include: Plus Technologies Lpplus.