Vulnerability Description
The line printer daemon (lpd) in the lpr package in multiple Linux operating systems allows local users to gain root privileges by causing sendmail to execute with arbitrary command line arguments, as demonstrated using the -C option to specify a configuration file.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sgi | Irix | 6.5 |
| Redhat | Linux | 4.0 |
References
- ftp://patches.sgi.com/support/free/security/advisories/20021104-01-P
- http://seclists.org/lists/bugtraq/2000/Jan/0116.html
- http://www.atstake.com/research/advisories/2000/lpd_advisory.txt
- http://www.debian.org/security/2000/20000109
- http://www.kb.cert.org/vuls/id/39001US Government Resource
- http://www.l0pht.com/advisories/lpd_advisory
- http://www.redhat.com/support/errata/RHSA-2000-002.html
- http://www.securityfocus.com/bid/927
- https://exchange.xforce.ibmcloud.com/vulnerabilities/3841
- ftp://patches.sgi.com/support/free/security/advisories/20021104-01-P
- http://seclists.org/lists/bugtraq/2000/Jan/0116.html
- http://www.atstake.com/research/advisories/2000/lpd_advisory.txt
- http://www.debian.org/security/2000/20000109
- http://www.kb.cert.org/vuls/id/39001US Government Resource
- http://www.l0pht.com/advisories/lpd_advisory
FAQ
What is CVE-2000-1220?
CVE-2000-1220 is a vulnerability with a CVSS score of 10.0 (HIGH). The line printer daemon (lpd) in the lpr package in multiple Linux operating systems allows local users to gain root privileges by causing sendmail to execute with arbitrary command line arguments, as...
How severe is CVE-2000-1220?
CVE-2000-1220 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2000-1220?
Check the references section above for vendor advisories and patch information. Affected products include: Sgi Irix, Redhat Linux.