Vulnerability Description
Buffer overflow in the lprm command in the lprold lpr package on SuSE 7.1 through 7.3, OpenBSD 3.2 and earlier, and possibly other operating systems, allows local users to gain root privileges via long command line arguments such as (1) request ID or (2) user name.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Lprold | Lprold | 3.0.48 |
| BSD | lpr | 0.48 |
| FreeBSD | FreeBSD | 2.2 |
| OpenBSD | OpenBSD | 2.0 |
References
- ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/010_lprm.patch
- ftp://patches.sgi.com/support/free/security/advisories/20030406-02-P
- http://marc.info/?l=bugtraq&m=104690434504429&w=2
- http://marc.info/?l=bugtraq&m=104714441925019&w=2
- http://secunia.com/advisories/8293
- http://www.debian.org/security/2003/dsa-267
- http://www.debian.org/security/2003/dsa-275
- http://www.mandriva.com/security/advisories?name=MDKSA-2003:059
- http://www.novell.com/linux/security/advisories/2003_014_lprold.html
- http://www.securityfocus.com/bid/7025 (Exploit, Patch, Vendor Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/11473
FAQ
What is CVE-2003-0144?
CVE-2003-0144 is a vulnerability with a CVSS score of 7.2 (HIGH). Buffer overflow in the lprm command in the lprold lpr package on SuSE 7.1 through 7.3, OpenBSD 3.2 and earlier, and possibly other operating systems, allows local users to gain root privileges via lon...
How severe is CVE-2003-0144?
CVE-2003-0144 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2003-0144?
Check the references section above for vendor advisories and patch information. Affected products include: Lprold Lprold, BSD lpr, FreeBSD FreeBSD, OpenBSD OpenBSD.