Description
The line printer daemon (lpd) in the lpr package in multiple Linux operating systems authenticates by comparing the reverse-resolved hostname of the local machine to the hostname of the print server as returned by gethostname, which allows remote attackers to bypass intended access controls by modifying the DNS for the attacking IP.
Exploits (1)
References (8)
Core 8
Core References
Vendor Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2000-002.html
Patch vendor-advisory
x_refsource_debian
http://www.debian.org/security/2000/20000109
Various Sources vendor-advisory
x_refsource_atstake
http://www.atstake.com/research/advisories/2000/lpd_advisory.txt
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/927
US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/30308
Patch vendor-advisory
x_refsource_sgi
ftp://patches.sgi.com/support/free/security/advisories/20021104-01-P
Various Sources vendor-advisory
x_refsource_l0pht
http://www.l0pht.com/advisories/lpd_advisory
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/3840
Scores
EPSS
0.1086
EPSS Percentile
93.5%
Details
Status
published
Products (31)
debian/debian_linux
2.1
redhat/linux
4.1
redhat/linux
4.2
redhat/linux
5.0
redhat/linux
5.2
redhat/linux
6.0
redhat/linux
6.1
sgi/irix
6.5
sgi/irix
6.5.1
sgi/irix
6.5.2
... and 21 more
Published
Jan 08, 2000
Tracked Since
Feb 18, 2026