CVE-2000-1220
BSD / Linux - 'lpr' Local Privilege Escalation
Severity Score
10.0
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The line printer daemon (lpd) in the lpr package in multiple Linux operating systems allows local users to gain root privileges by causing sendmail to execute with arbitrary command line arguments, as demonstrated using the -C option to specify a configuration file.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 1996-10-25 First Exploit
- 2000-01-08 CVE Published
- 2005-04-21 CVE Reserved
- 2024-03-28 EPSS Updated
- 2024-08-08 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
CAPEC
References (10)
| URL | Tag | Source |
|---|---|---|
| http://seclists.org/lists/bugtraq/2000/Jan/0116.html | Mailing List |
|
| http://www.atstake.com/research/advisories/2000/lpd_advisory.txt | X_refsource_misc | |
| http://www.kb.cert.org/vuls/id/39001 | Third Party Advisory |
|
| http://www.securityfocus.com/bid/927 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/3841 | Vdb Entry |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/325 | 1996-10-25 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| ftp://patches.sgi.com/support/free/security/advisories/20021104-01-P | 2017-07-11 | |
| http://www.debian.org/security/2000/20000109 | 2017-07-11 | |
| http://www.l0pht.com/advisories/lpd_advisory | 2017-07-11 | |
| http://www.redhat.com/support/errata/RHSA-2000-002.html | 2017-07-11 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Sgi Search vendor "Sgi" | Irix Search vendor "Sgi" for product "Irix" | 6.5 Search vendor "Sgi" for product "Irix" and version "6.5" | - |
Affected
| ||||||
| Sgi Search vendor "Sgi" | Irix Search vendor "Sgi" for product "Irix" | 6.5.1 Search vendor "Sgi" for product "Irix" and version "6.5.1" | - |
Affected
| ||||||
| Sgi Search vendor "Sgi" | Irix Search vendor "Sgi" for product "Irix" | 6.5.2 Search vendor "Sgi" for product "Irix" and version "6.5.2" | - |
Affected
| ||||||
| Sgi Search vendor "Sgi" | Irix Search vendor "Sgi" for product "Irix" | 6.5.3 Search vendor "Sgi" for product "Irix" and version "6.5.3" | - |
Affected
| ||||||
| Sgi Search vendor "Sgi" | Irix Search vendor "Sgi" for product "Irix" | 6.5.4 Search vendor "Sgi" for product "Irix" and version "6.5.4" | - |
Affected
| ||||||
| Sgi Search vendor "Sgi" | Irix Search vendor "Sgi" for product "Irix" | 6.5.5 Search vendor "Sgi" for product "Irix" and version "6.5.5" | - |
Affected
| ||||||
| Sgi Search vendor "Sgi" | Irix Search vendor "Sgi" for product "Irix" | 6.5.6 Search vendor "Sgi" for product "Irix" and version "6.5.6" | - |
Affected
| ||||||
| Sgi Search vendor "Sgi" | Irix Search vendor "Sgi" for product "Irix" | 6.5.7 Search vendor "Sgi" for product "Irix" and version "6.5.7" | - |
Affected
| ||||||
| Sgi Search vendor "Sgi" | Irix Search vendor "Sgi" for product "Irix" | 6.5.8 Search vendor "Sgi" for product "Irix" and version "6.5.8" | - |
Affected
| ||||||
| Sgi Search vendor "Sgi" | Irix Search vendor "Sgi" for product "Irix" | 6.5.9 Search vendor "Sgi" for product "Irix" and version "6.5.9" | - |
Affected
| ||||||
| Sgi Search vendor "Sgi" | Irix Search vendor "Sgi" for product "Irix" | 6.5.10 Search vendor "Sgi" for product "Irix" and version "6.5.10" | - |
Affected
| ||||||
| Sgi Search vendor "Sgi" | Irix Search vendor "Sgi" for product "Irix" | 6.5.11 Search vendor "Sgi" for product "Irix" and version "6.5.11" | - |
Affected
| ||||||
| Sgi Search vendor "Sgi" | Irix Search vendor "Sgi" for product "Irix" | 6.5.12 Search vendor "Sgi" for product "Irix" and version "6.5.12" | - |
Affected
| ||||||
| Sgi Search vendor "Sgi" | Irix Search vendor "Sgi" for product "Irix" | 6.5.13 Search vendor "Sgi" for product "Irix" and version "6.5.13" | - |
Affected
| ||||||
| Sgi Search vendor "Sgi" | Irix Search vendor "Sgi" for product "Irix" | 6.5.14f Search vendor "Sgi" for product "Irix" and version "6.5.14f" | - |
Affected
| ||||||
| Sgi Search vendor "Sgi" | Irix Search vendor "Sgi" for product "Irix" | 6.5.14m Search vendor "Sgi" for product "Irix" and version "6.5.14m" | - |
Affected
| ||||||
| Sgi Search vendor "Sgi" | Irix Search vendor "Sgi" for product "Irix" | 6.5.15f Search vendor "Sgi" for product "Irix" and version "6.5.15f" | - |
Affected
| ||||||
| Sgi Search vendor "Sgi" | Irix Search vendor "Sgi" for product "Irix" | 6.5.15m Search vendor "Sgi" for product "Irix" and version "6.5.15m" | - |
Affected
| ||||||
| Sgi Search vendor "Sgi" | Irix Search vendor "Sgi" for product "Irix" | 6.5.16f Search vendor "Sgi" for product "Irix" and version "6.5.16f" | - |
Affected
| ||||||
| Sgi Search vendor "Sgi" | Irix Search vendor "Sgi" for product "Irix" | 6.5.16m Search vendor "Sgi" for product "Irix" and version "6.5.16m" | - |
Affected
| ||||||
| Sgi Search vendor "Sgi" | Irix Search vendor "Sgi" for product "Irix" | 6.5.17f Search vendor "Sgi" for product "Irix" and version "6.5.17f" | - |
Affected
| ||||||
| Sgi Search vendor "Sgi" | Irix Search vendor "Sgi" for product "Irix" | 6.5.17m Search vendor "Sgi" for product "Irix" and version "6.5.17m" | - |
Affected
| ||||||
| Sgi Search vendor "Sgi" | Irix Search vendor "Sgi" for product "Irix" | 6.5.18f Search vendor "Sgi" for product "Irix" and version "6.5.18f" | - |
Affected
| ||||||
| Sgi Search vendor "Sgi" | Irix Search vendor "Sgi" for product "Irix" | 6.5.18m Search vendor "Sgi" for product "Irix" and version "6.5.18m" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Linux Search vendor "Redhat" for product "Linux" | 4.0 Search vendor "Redhat" for product "Linux" and version "4.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Linux Search vendor "Redhat" for product "Linux" | 4.1 Search vendor "Redhat" for product "Linux" and version "4.1" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Linux Search vendor "Redhat" for product "Linux" | 4.2 Search vendor "Redhat" for product "Linux" and version "4.2" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Linux Search vendor "Redhat" for product "Linux" | 5.0 Search vendor "Redhat" for product "Linux" and version "5.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Linux Search vendor "Redhat" for product "Linux" | 5.1 Search vendor "Redhat" for product "Linux" and version "5.1" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Linux Search vendor "Redhat" for product "Linux" | 5.2 Search vendor "Redhat" for product "Linux" and version "5.2" | i386 |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Linux Search vendor "Redhat" for product "Linux" | 6.0 Search vendor "Redhat" for product "Linux" and version "6.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Linux Search vendor "Redhat" for product "Linux" | 6.1 Search vendor "Redhat" for product "Linux" and version "6.1" | i386 |
Affected
| ||||||