CVE-2000-0880

LPPlus creates the lpdprocess file with world-writeable permissions, which allows local users to kill arbitrary processes by specifying an alternate process ID and using the setuid dcclpdshut program to kill the process that was specified in the lpdprocess file.

CVSS v2.0 3.6 LOW

3.6^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:L/Au:N/C:N/I:P/A:P

Exploitability : 3.9 / Impact : 4.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://archives.neohapsis.com/archives/bugtraq/2000-08/0531.html	Vendor Advisory
http://www.securityfocus.com/bid/1643	Exploit Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/5200
http://archives.neohapsis.com/archives/bugtraq/2000-08/0531.html	Vendor Advisory
http://www.securityfocus.com/bid/1643	Exploit Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/5200

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:plus_technologies:lpplus:3.2.2:::::::*
	cpe:2.3:a:plus_technologies:lpplus:3.3:::::::*

History

20 Nov 2024, 23:33

Type	Values Removed	Values Added
References	~~() http://archives.neohapsis.com/archives/bugtraq/2000-08/0531.html - Vendor Advisory~~	() http://archives.neohapsis.com/archives/bugtraq/2000-08/0531.html - Vendor Advisory
References	~~() http://www.securityfocus.com/bid/1643 - Exploit, Vendor Advisory~~	() http://www.securityfocus.com/bid/1643 - Exploit, Vendor Advisory
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/5200 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/5200 -

Information

Published : 2000-11-14 05:00

Updated : 2024-11-20 23:33

NVD link : CVE-2000-0880

Mitre link : CVE-2000-0880

CVE.ORG link : CVE-2000-0880

JSON object : View

Products Affected

plus_technologies

lpplus

CWE

NVD-CWE-Other

{"id": "CVE-2000-0880", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2000-11-14T05:00:00.000", "references": [{"url": "http://archives.neohapsis.com/archives/bugtraq/2000-08/0531.html", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/1643", "tags": ["Exploit", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5200", "source": "cve@mitre.org"}, {"url": "http://archives.neohapsis.com/archives/bugtraq/2000-08/0531.html", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/1643", "tags": ["Exploit", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5200", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "LPPlus creates the lpdprocess file with world-writeable permissions, which allows local users to kill arbitrary processes by specifying an alternate process ID and using the setuid dcclpdshut program to kill the process that was specified in the lpdprocess file."}], "lastModified": "2024-11-20T23:33:29.137", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:plus_technologies:lpplus:3.2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "49A54053-DF3A-47E1-AB8A-5BA32BA6AB10"}, {"criteria": "cpe:2.3:a:plus_technologies:lpplus:3.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C66BF777-D87A-4C19-AC77-49A90C43DCC7"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}