CVE-2000-1220

Linux lpr - Privilege Escalation

Title source: llm

Description

The line printer daemon (lpd) in the lpr package in multiple Linux operating systems allows local users to gain root privileges by causing sendmail to execute with arbitrary command line arguments, as demonstrated using the -C option to specify a configuration file.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Vadim Kolontsov · clocallinux

https://www.exploit-db.com/exploits/325

View Code ZIP pw:eip

References (9)

[Third Party Advisory] http://www.debian.org/security/2000/20000109

[Mailing List] http://seclists.org/lists/bugtraq/2000/Jan/0116.html

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/927

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/3841

[Vendor Advisory] ftp://patches.sgi.com/support/free/security/advisories/20021104-01-P

[Various Sources] http://www.l0pht.com/advisories/lpd_advisory

[US Government Resource] http://www.kb.cert.org/vuls/id/39001

[Vendor Advisory] http://www.redhat.com/support/errata/RHSA-2000-002.html

[Various Sources] http://www.atstake.com/research/advisories/2000/lpd_advisory.txt

Scores

EPSS 0.0313

EPSS Percentile 86.9%

Details

Status published

Products (32)

redhat/linux 4.0

redhat/linux 4.1

redhat/linux 4.2

redhat/linux 5.0

redhat/linux 5.1

redhat/linux 5.2

redhat/linux 6.0

redhat/linux 6.1

sgi/irix 6.5

sgi/irix 6.5.1

... and 22 more

Published Jan 08, 2000

Tracked Since Feb 18, 2026