CVE-2003-0144

NONE EPSS 77.3%
Published Mar 31, 200323y ago · Modified Jun 16, 20262w ago
Find Similar
Published Mar 31, 2003 23y ago
Last Modified Jun 16, 2026 2w ago

Description

Buffer overflow in the lprm command in the lprold lpr package on SuSE 7.1 through 7.3, OpenBSD 3.2 and earlier, and possibly other operating systems, allows local users to gain root privileges via long command line arguments such as (1) request ID or (2) user name.

Threat Intelligence

EPSS Exploit Probability
77.3% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available

Affected Products 22

VendorProductVersionRange
lproldlprold3.0.48any
bsdlpr0.48any
bsdlpr2000-05-07any
freebsdfreebsd2.2any
freebsdfreebsd2.2.2any
freebsdfreebsd2.2.3any
freebsdfreebsd2.2.4any
freebsdfreebsd2.2.5any
freebsdfreebsd2.2.6any
openbsdopenbsd2.0any
openbsdopenbsd2.1any
openbsdopenbsd2.2any
openbsdopenbsd2.3any
openbsdopenbsd2.4any
openbsdopenbsd2.5any
openbsdopenbsd2.6any
openbsdopenbsd2.7any
openbsdopenbsd2.8any
openbsdopenbsd2.9any
openbsdopenbsd3.0any
openbsdopenbsd3.1any
openbsdopenbsd3.2any

References 11

  • ftp.openbsd.org ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/010_lprm.patch
  • patches.sgi.com ftp://patches.sgi.com/support/free/security/advisories/20030406-02-P
  • marc.info http://marc.info/?l=bugtraq&m=104690434504429&w=2
  • marc.info http://marc.info/?l=bugtraq&m=104714441925019&w=2
  • secunia.com http://secunia.com/advisories/8293
  • debian.org http://www.debian.org/security/2003/dsa-267
  • debian.org http://www.debian.org/security/2003/dsa-275
  • mandriva.com http://www.mandriva.com/security/advisories?name=MDKSA-2003:059
  • novell.com http://www.novell.com/linux/security/advisories/2003_014_lprold.html
  • securityfocus.com http://www.securityfocus.com/bid/7025
    ExploitPatchVendor Advisory
  • exchange.xforce.ibmcloud.com https://exchange.xforce.ibmcloud.com/vulnerabilities/11473

Remediation