CVE-2003-0144

Lprold - Buffer Overflow

Title source: rule

Description

Buffer overflow in the lprm command in the lprold lpr package on SuSE 7.1 through 7.3, OpenBSD 3.2 and earlier, and possibly other operating systems, allows local users to gain root privileges via long command line arguments such as (1) request ID or (2) user name.

Exploits (2)

exploitdb WORKING POC VERIFIED

by CMN · clocalunix

https://www.exploit-db.com/exploits/22332

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by Niall Smart · clocalunix

https://www.exploit-db.com/exploits/22331

View Code ZIP pw:eip

References (11)

[Vendor Advisory] http://www.mandriva.com/security/advisories?name=MDKSA-2003:059

[Vendor Advisory] ftp://patches.sgi.com/support/free/security/advisories/20030406-02-P

[Third Party Advisory] http://www.debian.org/security/2003/dsa-275

[Exploit, Patch, Vendor Advisory] http://www.securityfocus.com/bid/7025

[Third Party Advisory] http://secunia.com/advisories/8293

[Vendor Advisory] http://www.novell.com/linux/security/advisories/2003_014_lprold.html

[Third Party Advisory] http://www.debian.org/security/2003/dsa-267

[Mailing List] http://marc.info/?l=bugtraq&m=104690434504429&w=2

[Mailing List] http://marc.info/?l=bugtraq&m=104714441925019&w=2

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/11473

[Various Sources] ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/010_lprm.patch

Scores

EPSS 0.0025

EPSS Percentile 48.2%

Details

Status published

Products (22)

bsd/lpr 0.48

bsd/lpr 2000-05-07

freebsd/freebsd 2.2

freebsd/freebsd 2.2.2

freebsd/freebsd 2.2.3

freebsd/freebsd 2.2.4

freebsd/freebsd 2.2.5

freebsd/freebsd 2.2.6

lprold/lprold 3.0.48

openbsd/openbsd 2.0

... and 12 more

Published Mar 31, 2003

Tracked Since Feb 18, 2026