CVE-2003-0144: Buffer Overflow
First published: Fri Mar 14 2003(Updated: )
Buffer overflow in the lprm command in the lprold lpr package on SuSE 7.1 through 7.3, OpenBSD 3.2 and earlier, and possibly other operating systems, allows local users to gain root privileges via long command line arguments such as (1) request ID or (2) user name.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| lprold | =3.0.48 | |
| BSD lpr | =0.48 | |
| BSD lpr | =2000-05-07 | |
| FreeBSD Kernel | =2.2 | |
| FreeBSD Kernel | =2.2.2 | |
| FreeBSD Kernel | =2.2.3 | |
| FreeBSD Kernel | =2.2.4 | |
| FreeBSD Kernel | =2.2.5 | |
| FreeBSD Kernel | =2.2.6 | |
| OpenBSD | =2.0 | |
| OpenBSD | =2.1 | |
| OpenBSD | =2.2 | |
| OpenBSD | =2.3 | |
| OpenBSD | =2.4 | |
| OpenBSD | =2.5 | |
| OpenBSD | =2.6 | |
| OpenBSD | =2.7 | |
| OpenBSD | =2.8 | |
| OpenBSD | =2.9 | |
| OpenBSD | =3.0 | |
| OpenBSD | =3.1 | |
| OpenBSD | =3.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://marc.info/?l=bugtraq&m=104690434504429&w=2
- http://marc.info/?l=bugtraq&m=104714441925019&w=2
- http://secunia.com/advisories/8293
- http://www.debian.org/security/2003/dsa-267
- http://www.debian.org/security/2003/dsa-275
- http://www.mandriva.com/security/advisories?name=MDKSA-2003:059
- http://www.novell.com/linux/security/advisories/2003_014_lprold.html
- http://www.securityfocus.com/bid/7025
- https://exchange.xforce.ibmcloud.com/vulnerabilities/11473
Frequently Asked Questions
What is the severity of CVE-2003-0144?
CVE-2003-0144 has been assessed as critical because it allows local users to gain root privileges through a buffer overflow.
How do I fix CVE-2003-0144?
To fix CVE-2003-0144, update the lpr or lprold package to a version that is not vulnerable.
Who is vulnerable to CVE-2003-0144?
Systems running affected versions of the lprm command in the lprold package, specifically SuSE 7.1 to 7.3 and OpenBSD 3.2 and earlier, are vulnerable.
What causes the vulnerability in CVE-2003-0144?
CVE-2003-0144 is caused by a buffer overflow due to insufficient validation of command line arguments for user input.
Can CVE-2003-0144 be exploited remotely?
CVE-2003-0144 cannot be exploited remotely; it requires local access to the system.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/author
- agent/last-modified-date
- agent/weakness
- agent/references
- agent/remedy
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/lprold
- canonical/lprold
- version/lprold/3.0.48
- vendor/bsd
- canonical/bsd lpr
- version/bsd lpr/0.48
- version/bsd lpr/2000-05-07
- vendor/freebsd
- canonical/freebsd kernel
- version/freebsd kernel/2.2
- version/freebsd kernel/2.2.2
- version/freebsd kernel/2.2.3
- version/freebsd kernel/2.2.4
- version/freebsd kernel/2.2.5
- version/freebsd kernel/2.2.6
- vendor/openbsd
- canonical/openbsd
- version/openbsd/2.0
- version/openbsd/2.1
- version/openbsd/2.2
- version/openbsd/2.3
- version/openbsd/2.4
- version/openbsd/2.5
- version/openbsd/2.6
- version/openbsd/2.7
- version/openbsd/2.8
- version/openbsd/2.9
- version/openbsd/3.0
- version/openbsd/3.1
- version/openbsd/3.2