Vulnerability Details : CVE-2003-0144
Buffer overflow in the lprm command in the lprold lpr package on SuSE 7.1 through 7.3, OpenBSD 3.2 and earlier, and possibly other operating systems, allows local users to gain root privileges via long command line arguments such as (1) request ID or (2) user name.
Vulnerability category: Overflow
Products affected by CVE-2003-0144
- cpe:2.3:o:bsd:lpr:0.48:*:*:*:*:*:*:*
- cpe:2.3:o:bsd:lpr:2000-05-07:*:*:*:*:*:*:*
- cpe:2.3:o:freebsd:freebsd:2.2:*:*:*:*:*:*:*
- cpe:2.3:o:freebsd:freebsd:2.2.3:*:*:*:*:*:*:*
- cpe:2.3:o:freebsd:freebsd:2.2.4:*:*:*:*:*:*:*
- cpe:2.3:o:freebsd:freebsd:2.2.5:*:*:*:*:*:*:*
- cpe:2.3:o:freebsd:freebsd:2.2.6:*:*:*:*:*:*:*
- cpe:2.3:o:freebsd:freebsd:2.2.2:*:*:*:*:*:*:*
- cpe:2.3:o:openbsd:openbsd:2.3:*:*:*:*:*:*:*
- cpe:2.3:o:openbsd:openbsd:2.4:*:*:*:*:*:*:*
- cpe:2.3:o:openbsd:openbsd:2.2:*:*:*:*:*:*:*
- cpe:2.3:o:openbsd:openbsd:2.1:*:*:*:*:*:*:*
- cpe:2.3:o:openbsd:openbsd:2.0:*:*:*:*:*:*:*
- cpe:2.3:o:openbsd:openbsd:2.5:*:*:*:*:*:*:*
- cpe:2.3:o:openbsd:openbsd:2.6:*:*:*:*:*:*:*
- cpe:2.3:o:openbsd:openbsd:2.7:*:*:*:*:*:*:*
- cpe:2.3:o:openbsd:openbsd:2.8:*:*:*:*:*:*:*
- cpe:2.3:o:openbsd:openbsd:2.9:*:*:*:*:*:*:*
- cpe:2.3:o:openbsd:openbsd:3.0:*:*:*:*:*:*:*
- cpe:2.3:o:openbsd:openbsd:3.1:*:*:*:*:*:*:*
- cpe:2.3:o:openbsd:openbsd:3.2:*:*:*:*:*:*:*
- cpe:2.3:a:lprold:lprold:3.0.48:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2003-0144
0.04%: Probability of exploitation activity in the next 30 days
~ 8 %: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2003-0144
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.2 | HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C | 3.9 | 10.0 | NIST | |
References for CVE-2003-0144
- ftp://patches.sgi.com/support/free/security/advisories/20030406-02-P
- http://www.debian.org/security/2003/dsa-267 (Debian -- The Universal Operating System)
- http://www.novell.com/linux/security/advisories/2003_014_lprold.html
- http://www.debian.org/security/2003/dsa-275 (Debian -- The Universal Operating System)
- http://www.securityfocus.com/bid/7025 (Exploit; Patch; Vendor Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/11473
- http://www.mandriva.com/security/advisories?name=MDKSA-2003:059 (Mandriva)
- http://marc.info/?l=bugtraq&m=104690434504429&w=2 ('potential buffer overflow in lprm (fwd)' - MARC)
- ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/010_lprm.patch
- http://marc.info/?l=bugtraq&m=104714441925019&w=2 ('OpenBSD lprm(1) exploit' - MARC)