CVE-2000-1220
First published: Sat Jan 08 2000(Updated: )
The line printer daemon (lpd) in the lpr package in multiple Linux operating systems allows local users to gain root privileges by causing sendmail to execute with arbitrary command line arguments, as demonstrated using the -C option to specify a configuration file.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SGI IRIX | =6.5 | |
| SGI IRIX | =6.5.1 | |
| SGI IRIX | =6.5.2 | |
| SGI IRIX | =6.5.3 | |
| SGI IRIX | =6.5.4 | |
| SGI IRIX | =6.5.5 | |
| SGI IRIX | =6.5.6 | |
| SGI IRIX | =6.5.7 | |
| SGI IRIX | =6.5.8 | |
| SGI IRIX | =6.5.9 | |
| SGI IRIX | =6.5.10 | |
| SGI IRIX | =6.5.11 | |
| SGI IRIX | =6.5.12 | |
| SGI IRIX | =6.5.13 | |
| SGI IRIX | =6.5.14f | |
| SGI IRIX | =6.5.14m | |
| SGI IRIX | =6.5.15f | |
| SGI IRIX | =6.5.15m | |
| SGI IRIX | =6.5.16f | |
| SGI IRIX | =6.5.16m | |
| SGI IRIX | =6.5.17f | |
| SGI IRIX | =6.5.17m | |
| SGI IRIX | =6.5.18f | |
| SGI IRIX | =6.5.18m | |
| Red Hat Linux | =4.0 | |
| Red Hat Linux | =4.1 | |
| Red Hat Linux | =4.2 | |
| Red Hat Linux | =5.0 | |
| Red Hat Linux | =5.1 | |
| Red Hat Linux | =5.2 | |
| Red Hat Linux | =6.0 | |
| Red Hat Linux | =6.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://seclists.org/lists/bugtraq/2000/Jan/0116.html
- http://www.redhat.com/support/errata/RHSA-2000-002.html
- http://www.kb.cert.org/vuls/id/39001
- http://www.securityfocus.com/bid/927
- http://www.atstake.com/research/advisories/2000/lpd_advisory.txt
- http://www.l0pht.com/advisories/lpd_advisory
- http://www.debian.org/security/2000/20000109
- https://exchange.xforce.ibmcloud.com/vulnerabilities/3841
Frequently Asked Questions
What is the severity of CVE-2000-1220?
CVE-2000-1220 is considered a high severity vulnerability due to the potential for local users to gain root privileges.
How do I fix CVE-2000-1220?
To fix CVE-2000-1220, it is recommended to update the lpr package to the latest version provided by your Linux distribution.
Which Linux versions are affected by CVE-2000-1220?
CVE-2000-1220 affects multiple versions of SGI IRIX and Red Hat Linux, specifically versions listed in the CVE description.
What kind of attack does CVE-2000-1220 enable?
CVE-2000-1220 enables local users to execute arbitrary commands as root by manipulating the line printer daemon.
Is CVE-2000-1220 a remote or local vulnerability?
CVE-2000-1220 is a local vulnerability, meaning it requires local access to the affected system to exploit.
- agent/references
- agent/type
- agent/first-publish-date
- agent/severity
- agent/weakness
- agent/last-modified-date
- agent/description
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/sgi
- product/irix
- canonical/sgi irix
- vendor/redhat
- product/linux
- canonical/redhat linux
- collector/nvd-index
- agent/author
- version/sgi irix/6.5
- version/sgi irix/6.5.1
- version/sgi irix/6.5.2
- version/sgi irix/6.5.3
- version/sgi irix/6.5.4
- version/sgi irix/6.5.5
- version/sgi irix/6.5.6
- version/sgi irix/6.5.7
- version/sgi irix/6.5.8
- version/sgi irix/6.5.9
- version/sgi irix/6.5.10
- version/sgi irix/6.5.11
- version/sgi irix/6.5.12
- version/sgi irix/6.5.13
- version/sgi irix/6.5.14f
- version/sgi irix/6.5.14m
- version/sgi irix/6.5.15f
- version/sgi irix/6.5.15m
- version/sgi irix/6.5.16f
- version/sgi irix/6.5.16m
- version/sgi irix/6.5.17f
- version/sgi irix/6.5.17m
- version/sgi irix/6.5.18f
- version/sgi irix/6.5.18m
- canonical/red hat linux
- version/red hat linux/4.0
- version/red hat linux/4.1
- version/red hat linux/4.2
- version/red hat linux/5.0
- version/red hat linux/5.1
- version/red hat linux/5.2
- version/red hat linux/6.0
- version/red hat linux/6.1