CVE-2003-0144

Published: Mar 31, 2003Modified: Apr 16, 2026

7.2

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability: 3.9 / Impact: 10.0

Source: NVD

Description

Buffer overflow in the lprm command in the lprold lpr package on SuSE 7.1 through 7.3, OpenBSD 3.2 and earlier, and possibly other operating systems, allows local users to gain root privileges via long command line arguments such as (1) request ID or (2) user name.

Affected (22)

Products: Lprold: Lprold · Bsd: Lpr · Freebsd: Freebsd · +1 more

Show all products

Lprold: Lprold · Bsd: Lpr · Freebsd: Freebsd · Openbsd: Openbsd

1 product

1 product

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Lprold Lprold	Version 3.0.48

Configuration B

21 vulnerable

Vulnerable Software	Affected Versions
Bsd Lpr	Version 0.48
Bsd Lpr	Version 2000-05-07
Freebsd Freebsd	Version 2.2.2
Freebsd Freebsd	Version 2.2.3
Freebsd Freebsd	Version 2.2.4
Freebsd Freebsd	Version 2.2.5
Freebsd Freebsd	Version 2.2.6
Freebsd Freebsd	Version 2.2
Openbsd Openbsd	Version 2.0
Openbsd Openbsd	Version 2.1
Openbsd Openbsd	Version 2.2
Openbsd Openbsd	Version 2.3
Openbsd Openbsd	Version 2.4
Openbsd Openbsd	Version 2.5
Openbsd Openbsd	Version 2.6
Openbsd Openbsd	Version 2.7
Openbsd Openbsd	Version 2.8
Openbsd Openbsd	Version 2.9
Openbsd Openbsd	Version 3.0
Openbsd Openbsd	Version 3.1
Openbsd Openbsd	Version 3.2

References (22)

ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/010_lprm.patch (unsafe URL)

Source: cve@mitre.org

ftp://patches.sgi.com/support/free/security/advisories/20030406-02-P (unsafe URL)

Source: cve@mitre.org

http://marc.info/?l=bugtraq&m=104690434504429&w=2

Source: cve@mitre.org

http://marc.info/?l=bugtraq&m=104714441925019&w=2

Source: cve@mitre.org

http://secunia.com/advisories/8293

Source: cve@mitre.org

http://www.debian.org/security/2003/dsa-267

Source: cve@mitre.org

http://www.debian.org/security/2003/dsa-275

Source: cve@mitre.org

http://www.mandriva.com/security/advisories?name=MDKSA-2003:059

Source: cve@mitre.org

http://www.novell.com/linux/security/advisories/2003_014_lprold.html

Source: cve@mitre.org

http://www.securityfocus.com/bid/7025

Source: cve@mitre.org

ExploitPatchVendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/11473

Source: cve@mitre.org

ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/010_lprm.patch (unsafe URL)

Source: af854a3a-2127-422b-91ae-364da2661108

ftp://patches.sgi.com/support/free/security/advisories/20030406-02-P (unsafe URL)

Source: af854a3a-2127-422b-91ae-364da2661108

http://marc.info/?l=bugtraq&m=104690434504429&w=2

Source: af854a3a-2127-422b-91ae-364da2661108

http://marc.info/?l=bugtraq&m=104714441925019&w=2

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/8293

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2003/dsa-267

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2003/dsa-275

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.mandriva.com/security/advisories?name=MDKSA-2003:059

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.novell.com/linux/security/advisories/2003_014_lprold.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/7025

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitPatchVendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/11473

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.