Lucene search

[email protected]CVE-2000-1221

HistoryApr 21, 2005 - 4:00 a.m.

CVE-2000-1221

2005-04-2104:00:00

[email protected]

web.nvd.nist.gov

cve-2000-1221

lpd

lpr package

linux

dns attacks

reverse-resolved hostname

access controls

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

6.7 Medium

AI Score

Confidence

Low

0.021 Low

EPSS

Percentile

89.2%

JSON

The line printer daemon (lpd) in the lpr package in multiple Linux operating systems authenticates by comparing the reverse-resolved hostname of the local machine to the hostname of the print server as returned by gethostname, which allows remote attackers to bypass intended access controls by modifying the DNS for the attacking IP.

Affected configurations

NVD

Node

sgiirixMatch6.5

sgiirixMatch6.5.1

sgiirixMatch6.5.2

sgiirixMatch6.5.3

sgiirixMatch6.5.4

sgiirixMatch6.5.5

sgiirixMatch6.5.6

sgiirixMatch6.5.7

sgiirixMatch6.5.8

sgiirixMatch6.5.9

sgiirixMatch6.5.10

sgiirixMatch6.5.11

sgiirixMatch6.5.12

sgiirixMatch6.5.13

sgiirixMatch6.5.14f

sgiirixMatch6.5.14m

sgiirixMatch6.5.15f

sgiirixMatch6.5.15m

sgiirixMatch6.5.16f

sgiirixMatch6.5.16m

sgiirixMatch6.5.17f

sgiirixMatch6.5.17m

sgiirixMatch6.5.18f

sgiirixMatch6.5.18m

Node

debiandebian_linuxMatch2.1

redhatlinuxMatch4.1

redhatlinuxMatch4.2

redhatlinuxMatch5.0

redhatlinuxMatch5.2i386

redhatlinuxMatch6.0

redhatlinuxMatch6.1i386

CPENameOperatorVersion
sgi:irixsgi irixeq6.5
sgi:irixsgi irixeq6.5.1
sgi:irixsgi irixeq6.5.2
sgi:irixsgi irixeq6.5.3
sgi:irixsgi irixeq6.5.4
sgi:irixsgi irixeq6.5.5
sgi:irixsgi irixeq6.5.6
sgi:irixsgi irixeq6.5.7
sgi:irixsgi irixeq6.5.8
sgi:irixsgi irixeq6.5.9

CPE	Name	Operator	Version
sgi:irix	sgi irix	eq	6.5
sgi:irix	sgi irix	eq	6.5.1
sgi:irix	sgi irix	eq	6.5.2
sgi:irix	sgi irix	eq	6.5.3
sgi:irix	sgi irix	eq	6.5.4
sgi:irix	sgi irix	eq	6.5.5
sgi:irix	sgi irix	eq	6.5.6
sgi:irix	sgi irix	eq	6.5.7
sgi:irix	sgi irix	eq	6.5.8
sgi:irix	sgi irix	eq	6.5.9

Rows per page:

1-10 of 241

References

ftp://patches.sgi.com/support/free/security/advisories/20021104-01-P

rhn.redhat.com/errata/RHSA-2000-002.html

www.atstake.com/research/advisories/2000/lpd_advisory.txt

www.debian.org/security/2000/20000109

www.kb.cert.org/vuls/id/30308

www.l0pht.com/advisories/lpd_advisory

www.securityfocus.com/bid/927

exchange.xforce.ibmcloud.com/vulnerabilities/3840

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

6.7 Medium

AI Score

Confidence

Low

0.021 Low

EPSS

Percentile

89.2%

JSON

Related for CVE-2000-1221

cvelist1 nvd1 debiancve1