CVE-2000-1221

The line printer daemon (lpd) in the lpr package in multiple Linux operating systems authenticates by comparing the reverse-resolved hostname of the local machine to the hostname of the print server as returned by gethostname, which allows remote attackers to bypass intended access controls by modifying the DNS for the attacking IP.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
ftp://patches.sgi.com/support/free/security/advisories/20021104-01-P	Patch
http://rhn.redhat.com/errata/RHSA-2000-002.html
http://www.atstake.com/research/advisories/2000/lpd_advisory.txt
http://www.debian.org/security/2000/20000109	Patch
http://www.kb.cert.org/vuls/id/30308	US Government Resource
http://www.l0pht.com/advisories/lpd_advisory
http://www.securityfocus.com/bid/927
https://exchange.xforce.ibmcloud.com/vulnerabilities/3840
ftp://patches.sgi.com/support/free/security/advisories/20021104-01-P	Patch
http://rhn.redhat.com/errata/RHSA-2000-002.html
http://www.atstake.com/research/advisories/2000/lpd_advisory.txt
http://www.debian.org/security/2000/20000109	Patch
http://www.kb.cert.org/vuls/id/30308	US Government Resource
http://www.l0pht.com/advisories/lpd_advisory
http://www.securityfocus.com/bid/927
https://exchange.xforce.ibmcloud.com/vulnerabilities/3840

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:sgi:irix:6.5:::::::*
	cpe:2.3:o:sgi:irix:6.5.1:::::::*
	cpe:2.3:o:sgi:irix:6.5.2:::::::*
	cpe:2.3:o:sgi:irix:6.5.3:::::::*
	cpe:2.3:o:sgi:irix:6.5.4:::::::*
	cpe:2.3:o:sgi:irix:6.5.5:::::::*
	cpe:2.3:o:sgi:irix:6.5.6:::::::*
	cpe:2.3:o:sgi:irix:6.5.7:::::::*
	cpe:2.3:o:sgi:irix:6.5.8:::::::*
	cpe:2.3:o:sgi:irix:6.5.9:::::::*
	cpe:2.3:o:sgi:irix:6.5.10:::::::*
	cpe:2.3:o:sgi:irix:6.5.11:::::::*
	cpe:2.3:o:sgi:irix:6.5.12:::::::*
	cpe:2.3:o:sgi:irix:6.5.13:::::::*
	cpe:2.3:o:sgi:irix:6.5.14f:::::::*
	cpe:2.3:o:sgi:irix:6.5.14m:::::::*
	cpe:2.3:o:sgi:irix:6.5.15f:::::::*
	cpe:2.3:o:sgi:irix:6.5.15m:::::::*
	cpe:2.3:o:sgi:irix:6.5.16f:::::::*
	cpe:2.3:o:sgi:irix:6.5.16m:::::::*
	cpe:2.3:o:sgi:irix:6.5.17f:::::::*
	cpe:2.3:o:sgi:irix:6.5.17m:::::::*
	cpe:2.3:o:sgi:irix:6.5.18f:::::::*
	cpe:2.3:o:sgi:irix:6.5.18m:::::::*

Configuration 2 (hide)

OR	cpe:2.3:o:debian:debian_linux:2.1:::::::*
	cpe:2.3:o:redhat:linux:4.1:::::::*
	cpe:2.3:o:redhat:linux:4.2:::::::*
	cpe:2.3:o:redhat:linux:5.0:::::::*
	cpe:2.3:o:redhat:linux:5.2::i386:::::
	cpe:2.3:o:redhat:linux:6.0:::::::*
	cpe:2.3:o:redhat:linux:6.1::i386:::::

History

20 Nov 2024, 23:34

Type	Values Removed	Values Added
References	~~() ftp://patches.sgi.com/support/free/security/advisories/20021104-01-P - Patch~~	() ftp://patches.sgi.com/support/free/security/advisories/20021104-01-P - Patch
References	~~() http://rhn.redhat.com/errata/RHSA-2000-002.html -~~	() http://rhn.redhat.com/errata/RHSA-2000-002.html -
References	~~() http://www.atstake.com/research/advisories/2000/lpd_advisory.txt -~~	() http://www.atstake.com/research/advisories/2000/lpd_advisory.txt -
References	~~() http://www.debian.org/security/2000/20000109 - Patch~~	() http://www.debian.org/security/2000/20000109 - Patch
References	~~() http://www.kb.cert.org/vuls/id/30308 - US Government Resource~~	() http://www.kb.cert.org/vuls/id/30308 - US Government Resource
References	~~() http://www.l0pht.com/advisories/lpd_advisory -~~	() http://www.l0pht.com/advisories/lpd_advisory -
References	~~() http://www.securityfocus.com/bid/927 -~~	() http://www.securityfocus.com/bid/927 -
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/3840 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/3840 -

Information

Published : 2000-01-08 05:00

Updated : 2024-11-20 23:34

NVD link : CVE-2000-1221

Mitre link : CVE-2000-1221

CVE.ORG link : CVE-2000-1221

JSON object : View

Products Affected

sgi

irix

redhat

linux

debian

debian_linux

CWE

NVD-CWE-Other

10.0 /10