Overview
The line printer daemon enables various clients to share printers over a network. There exists a vulnerability in this daemon that permits an intruder to send options to sendmail.
Description
The line printer daemon enables various clients to share printers over a network. There exists a vulnerability in this daemon that permits an intruder to send options to sendmail. These options could be used to specify another configuration file allowing an intruder to gain root access. |
Impact
An intruder may be able to gain root access. In conjunction with another vulnerability (e.g., VU#30308), this can be exploited from hosts not normally authorized to use the lpd service. |
Solution
Apply the patches, if available, from your vendor. |
Vendor Information
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | ||
| Temporal | ||
| Environmental |
References
Acknowledgements
The CERT/CC would like to thank @Stake, Red Hat and Debian for the information provided in their security advisories.
This document was written by Jason Rafail.
Other Information
| CVE IDs: | CVE-2000-1208 |
| Severity Metric: | 14.06 |
| Date Public: | 2000-01-08 |
| Date First Published: | 2001-10-16 |
| Date Last Updated: | 2001-11-09 17:11 UTC |
| Document Revision: | 13 |