CVE-1999-1102

SGI IRIX < 5.2 - Arbitrary File Write via lpr Symlink Attack

Title source: llm
STIX 2.1

Description

lpr on SunOS 4.1.1, BSD 4.3, A/UX 2.0.1, and other BSD-based operating systems allows local users to create or overwrite arbitrary files via a symlink attack that is triggered after invoking lpr 1000 times.

References (3)

Core 3
Core References
Exploit, Vendor Advisory x_refsource_misc
http://www.phreak.org/archives/security/8lgm/8lgm.lpr
Various Sources mailing-list x_refsource_bugtraq
http://www.aenigma.net/resources/maillist/bugtraq/1994/0091.htm
Patch, Vendor Advisory third-party-advisory government-resource x_refsource_ciac
http://ciac.llnl.gov/ciac/bulletins/e-25.shtml

Scores

EPSS 0.0012
EPSS Percentile 30.6%

Details

Status published
Products (4)
apple/a_ux 2.0.1
bsd/bsd 4.3
sgi/irix < 5.2
sun/sunos < 4.1.1
Published Dec 31, 1999
Tracked Since Feb 18, 2026