Vulnerability Details CVE-2003-0144
Buffer overflow in the lprm command in the lprold lpr package on SuSE 7.1 through 7.3, OpenBSD 3.2 and earlier, and possibly other operating systems, allows local users to gain root privileges via long command line arguments such as (1) request ID or (2) user name.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 48.2%
CVSS Severity
CVSS v2 Score 7.2
References
- ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/010_lprm.patch
- ftp://patches.sgi.com/support/free/security/advisories/20030406-02-P
- http://marc.info/?l=bugtraq&m=104690434504429&w=2
- http://marc.info/?l=bugtraq&m=104714441925019&w=2
- http://secunia.com/advisories/8293
- http://www.debian.org/security/2003/dsa-267
- http://www.debian.org/security/2003/dsa-275
- http://www.mandriva.com/security/advisories?name=MDKSA-2003:059
- http://www.novell.com/linux/security/advisories/2003_014_lprold.html
- http://www.securityfocus.com/bid/7025
- https://exchange.xforce.ibmcloud.com/vulnerabilities/11473
- ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/010_lprm.patch
- ftp://patches.sgi.com/support/free/security/advisories/20030406-02-P
- http://marc.info/?l=bugtraq&m=104690434504429&w=2
- http://marc.info/?l=bugtraq&m=104714441925019&w=2
- http://secunia.com/advisories/8293
- http://www.debian.org/security/2003/dsa-267
- http://www.debian.org/security/2003/dsa-275
- http://www.mandriva.com/security/advisories?name=MDKSA-2003:059
- http://www.novell.com/linux/security/advisories/2003_014_lprold.html
- http://www.securityfocus.com/bid/7025
- https://exchange.xforce.ibmcloud.com/vulnerabilities/11473
Products affected by CVE-2003-0144
-
cpe:2.3:a:lprold:lprold:3.0.48
-
cpe:2.3:o:bsd:lpr:0.48
-
cpe:2.3:o:bsd:lpr:2000-05-07
-
cpe:2.3:o:freebsd:freebsd:2.2
-
cpe:2.3:o:freebsd:freebsd:2.2.2
-
cpe:2.3:o:freebsd:freebsd:2.2.3
-
cpe:2.3:o:freebsd:freebsd:2.2.4
-
cpe:2.3:o:freebsd:freebsd:2.2.5
-
cpe:2.3:o:freebsd:freebsd:2.2.6
-
cpe:2.3:o:openbsd:openbsd:2.0
-
cpe:2.3:o:openbsd:openbsd:2.1
-
cpe:2.3:o:openbsd:openbsd:2.2
-
cpe:2.3:o:openbsd:openbsd:2.3
-
cpe:2.3:o:openbsd:openbsd:2.4
-
cpe:2.3:o:openbsd:openbsd:2.5
-
cpe:2.3:o:openbsd:openbsd:2.6
-
cpe:2.3:o:openbsd:openbsd:2.7
-
cpe:2.3:o:openbsd:openbsd:2.8
-
cpe:2.3:o:openbsd:openbsd:2.9
-
cpe:2.3:o:openbsd:openbsd:3.0
-
cpe:2.3:o:openbsd:openbsd:3.1
-
cpe:2.3:o:openbsd:openbsd:3.2