CVE-2000-1221
First published: Sat Jan 08 2000(Updated: )
The line printer daemon (lpd) in the lpr package in multiple Linux operating systems authenticates by comparing the reverse-resolved hostname of the local machine to the hostname of the print server as returned by gethostname, which allows remote attackers to bypass intended access controls by modifying the DNS for the attacking IP.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SGI IRIX | =6.5 | |
| SGI IRIX | =6.5.1 | |
| SGI IRIX | =6.5.2 | |
| SGI IRIX | =6.5.3 | |
| SGI IRIX | =6.5.4 | |
| SGI IRIX | =6.5.5 | |
| SGI IRIX | =6.5.6 | |
| SGI IRIX | =6.5.7 | |
| SGI IRIX | =6.5.8 | |
| SGI IRIX | =6.5.9 | |
| SGI IRIX | =6.5.10 | |
| SGI IRIX | =6.5.11 | |
| SGI IRIX | =6.5.12 | |
| SGI IRIX | =6.5.13 | |
| SGI IRIX | =6.5.14f | |
| SGI IRIX | =6.5.14m | |
| SGI IRIX | =6.5.15f | |
| SGI IRIX | =6.5.15m | |
| SGI IRIX | =6.5.16f | |
| SGI IRIX | =6.5.16m | |
| SGI IRIX | =6.5.17f | |
| SGI IRIX | =6.5.17m | |
| SGI IRIX | =6.5.18f | |
| SGI IRIX | =6.5.18m | |
| Debian Debian Linux | =2.1 | |
| Red Hat Linux | =4.1 | |
| Red Hat Linux | =4.2 | |
| Red Hat Linux | =5.0 | |
| Red Hat Linux | =5.2 | |
| Red Hat Linux | =6.0 | |
| Red Hat Linux | =6.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.debian.org/security/2000/20000109
- http://rhn.redhat.com/errata/RHSA-2000-002.html
- http://www.kb.cert.org/vuls/id/30308
- http://www.atstake.com/research/advisories/2000/lpd_advisory.txt
- http://www.securityfocus.com/bid/927
- http://www.l0pht.com/advisories/lpd_advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/3840
Frequently Asked Questions
What is the severity of CVE-2000-1221?
CVE-2000-1221 has a moderate severity level due to its ability to bypass access controls.
How do I fix CVE-2000-1221?
To fix CVE-2000-1221, upgrade to the latest version of the lpr package that addresses this vulnerability.
Which systems are affected by CVE-2000-1221?
CVE-2000-1221 affects multiple versions of the SGI IRIX and Red Hat Linux operating systems.
What type of attack does CVE-2000-1221 enable?
CVE-2000-1221 enables remote attackers to bypass intended access controls on the line printer daemon.
Is CVE-2000-1221 still a concern today?
While CVE-2000-1221 is an older vulnerability, it remains a concern if affected systems are still in use and not patched.
- agent/type
- agent/remedy
- agent/first-publish-date
- agent/severity
- agent/references
- agent/weakness
- agent/last-modified-date
- agent/author
- agent/description
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-historical
- collector/nvd-index
- vendor/sgi
- canonical/sgi irix
- version/sgi irix/6.5
- version/sgi irix/6.5.1
- version/sgi irix/6.5.2
- version/sgi irix/6.5.3
- version/sgi irix/6.5.4
- version/sgi irix/6.5.5
- version/sgi irix/6.5.6
- version/sgi irix/6.5.7
- version/sgi irix/6.5.8
- version/sgi irix/6.5.9
- version/sgi irix/6.5.10
- version/sgi irix/6.5.11
- version/sgi irix/6.5.12
- version/sgi irix/6.5.13
- version/sgi irix/6.5.14f
- version/sgi irix/6.5.14m
- version/sgi irix/6.5.15f
- version/sgi irix/6.5.15m
- version/sgi irix/6.5.16f
- version/sgi irix/6.5.16m
- version/sgi irix/6.5.17f
- version/sgi irix/6.5.17m
- version/sgi irix/6.5.18f
- version/sgi irix/6.5.18m
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/2.1
- vendor/redhat
- canonical/red hat linux
- version/red hat linux/4.1
- version/red hat linux/4.2
- version/red hat linux/5.0
- version/red hat linux/5.2
- version/red hat linux/6.0
- version/red hat linux/6.1