CVE-2000-1221

The line printer daemon (lpd) in the lpr package in multiple Linux operating systems authenticates by comparing the reverse-resolved hostname of the local machine to the hostname of the print server as returned by gethostname, which allows remote attackers to bypass intended access controls by modifying the DNS for the attacking IP.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.debian.org/security/2000/20000109	Patch
http://rhn.redhat.com/errata/RHSA-2000-002.html
ftp://patches.sgi.com/support/free/security/advisories/20021104-01-P	Patch
http://www.kb.cert.org/vuls/id/30308	US Government Resource
http://www.atstake.com/research/advisories/2000/lpd_advisory.txt
http://www.securityfocus.com/bid/927
http://www.l0pht.com/advisories/lpd_advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/3840

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:sgi:irix:6.5:::::::*
	cpe:2.3:o:sgi:irix:6.5.14m:::::::*
	cpe:2.3:o:sgi:irix:6.5.15f:::::::*
	cpe:2.3:o:sgi:irix:6.5.2:::::::*
	cpe:2.3:o:sgi:irix:6.5.3:::::::*
	cpe:2.3:o:sgi:irix:6.5.13:::::::*
	cpe:2.3:o:sgi:irix:6.5.14f:::::::*
	cpe:2.3:o:sgi:irix:6.5.17m:::::::*
	cpe:2.3:o:sgi:irix:6.5.18f:::::::*
	cpe:2.3:o:sgi:irix:6.5.18m:::::::*
	cpe:2.3:o:sgi:irix:6.5.8:::::::*
	cpe:2.3:o:sgi:irix:6.5.16m:::::::*
	cpe:2.3:o:sgi:irix:6.5.6:::::::*
	cpe:2.3:o:sgi:irix:6.5.17f:::::::*
	cpe:2.3:o:sgi:irix:6.5.1:::::::*
	cpe:2.3:o:sgi:irix:6.5.10:::::::*
	cpe:2.3:o:sgi:irix:6.5.12:::::::*
	cpe:2.3:o:sgi:irix:6.5.9:::::::*
	cpe:2.3:o:sgi:irix:6.5.16f:::::::*
	cpe:2.3:o:sgi:irix:6.5.5:::::::*
	cpe:2.3:o:sgi:irix:6.5.4:::::::*
	cpe:2.3:o:sgi:irix:6.5.15m:::::::*
	cpe:2.3:o:sgi:irix:6.5.11:::::::*
	cpe:2.3:o:sgi:irix:6.5.7:::::::*

Configuration 2 (hide)

OR	cpe:2.3:o:debian:debian_linux:2.1:::::::*
	cpe:2.3:o:redhat:linux:6.0:::::::*
	cpe:2.3:o:redhat:linux:6.1::i386:::::
	cpe:2.3:o:redhat:linux:4.1:::::::*
	cpe:2.3:o:redhat:linux:4.2:::::::*
	cpe:2.3:o:redhat:linux:5.0:::::::*
	cpe:2.3:o:redhat:linux:5.2::i386:::::

Information

Published : 2000-01-07 21:00

Updated : 2017-07-10 18:29

NVD link : CVE-2000-1221

Mitre link : CVE-2000-1221

JSON object : View

CWE

NVD-CWE-Other

Products Affected

debian

debian_linux

redhat

linux

sgi

irix

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.debian.org/security/2000/20000109", "name": "20000109 lpr -- access control problem and root exploit", "tags": ["Patch"], "refsource": "DEBIAN"}, {"url": "http://rhn.redhat.com/errata/RHSA-2000-002.html", "name": "RHSA-2000:002", "tags": [], "refsource": "REDHAT"}, {"url": "ftp://patches.sgi.com/support/free/security/advisories/20021104-01-P", "name": "20021104-01-P", "tags": ["Patch"], "refsource": "SGI"}, {"url": "http://www.kb.cert.org/vuls/id/30308", "name": "VU#30308", "tags": ["US Government Resource"], "refsource": "CERT-VN"}, {"url": "http://www.atstake.com/research/advisories/2000/lpd_advisory.txt", "name": "A010800-v", "tags": [], "refsource": "ATSTAKE"}, {"url": "http://www.securityfocus.com/bid/927", "name": "927", "tags": [], "refsource": "BID"}, {"url": "http://www.l0pht.com/advisories/lpd_advisory", "name": "20000108 Quadruple Inverted Backflip", "tags": [], "refsource": "L0PHT"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/3840", "name": "redhat-lpd-auth(3840)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The line printer daemon (lpd) in the lpr package in multiple Linux operating systems authenticates by comparing the reverse-resolved hostname of the local machine to the hostname of the print server as returned by gethostname, which allows remote attackers to bypass intended access controls by modifying the DNS for the attacking IP."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2000-1221", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 10.0, "obtainAllPrivilege": true, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2000-01-08T05:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:sgi:irix:6.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:sgi:irix:6.5.14m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:sgi:irix:6.5.15f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:sgi:irix:6.5.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:sgi:irix:6.5.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:sgi:irix:6.5.13:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:sgi:irix:6.5.14f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:sgi:irix:6.5.17m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:sgi:irix:6.5.18f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:sgi:irix:6.5.18m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:sgi:irix:6.5.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:sgi:irix:6.5.16m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:sgi:irix:6.5.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:sgi:irix:6.5.17f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:sgi:irix:6.5.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:sgi:irix:6.5.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:sgi:irix:6.5.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:sgi:irix:6.5.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:sgi:irix:6.5.16f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:sgi:irix:6.5.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:sgi:irix:6.5.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:sgi:irix:6.5.15m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:sgi:irix:6.5.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:sgi:irix:6.5.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:debian:debian_linux:2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:redhat:linux:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:redhat:linux:6.1:*:i386:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:redhat:linux:4.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:redhat:linux:4.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:redhat:linux:5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:redhat:linux:5.2:*:i386:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-07-11T01:29Z"}

10.0 /10