CVE-2000-1221

Published: Jan 8, 2000Modified: Apr 16, 2026

10.0

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability: 10.0 / Impact: 10.0

Source: NVD

Description

The line printer daemon (lpd) in the lpr package in multiple Linux operating systems authenticates by comparing the reverse-resolved hostname of the local machine to the hostname of the print server as returned by gethostname, which allows remote attackers to bypass intended access controls by modifying the DNS for the attacking IP.

Affected (31)

Products: Sgi: Irix · Debian: Debian Linux · Redhat: Linux

1 product

1 product

1 product

Configuration A

24 vulnerable

Vulnerable Software	Affected Versions
Sgi Irix	Version 6.5.10
Sgi Irix	Version 6.5.11
Sgi Irix	Version 6.5.12
Sgi Irix	Version 6.5.13
Sgi Irix	Version 6.5.14f
Sgi Irix	Version 6.5.14m
Sgi Irix	Version 6.5.15f
Sgi Irix	Version 6.5.15m
Sgi Irix	Version 6.5.16f
Sgi Irix	Version 6.5.16m
Sgi Irix	Version 6.5.17f
Sgi Irix	Version 6.5.17m
Sgi Irix	Version 6.5.18f
Sgi Irix	Version 6.5.18m
Sgi Irix	Version 6.5.1
Sgi Irix	Version 6.5.2
Sgi Irix	Version 6.5.3
Sgi Irix	Version 6.5.4
Sgi Irix	Version 6.5.5
Sgi Irix	Version 6.5.6
Sgi Irix	Version 6.5.7
Sgi Irix	Version 6.5.8
Sgi Irix	Version 6.5.9
Sgi Irix	Version 6.5

Configuration B

7 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 2.1
Redhat Linux	Version 4.1
Redhat Linux	Version 4.2
Redhat Linux	Version 5.0
Redhat Linux	Version 5.2
Redhat Linux	Version 6.0
Redhat Linux	Version 6.1