Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-1999-0032

5 documents4 sources
Severity
7.2HIGH
EPSS
0.2%
top 58.65%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
5
Bsdi BSD OSFreebsd FreebsdNext Nextstep+2 more
Timeline
PublishedOct 25
Latest updateMay 3

Description

Buffer overflow in lpr, as used in BSD-based systems including Linux, allows local users to execute arbitrary code as root via a long -C (classification) command line option.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages4 packages

NVDsgi/irix12 versions+11
NVDsun/sunos4.1.3u1, 4.1.4+1
NVDbsdi/bsd_os2.1
NVDnext/nextstep4.0, 4.1+1

Also affects: Freebsd 2.0, 2.0.5, 2.1.0, 2.1.5

🔴Vulnerability Details

2
GHSA
GHSA-j5x2-76rq-wcfx: Buffer overflow in lpr, as used in BSD-based systems including Linux, allows local users to execute arbitrary code as root via a long -C (classificati2022-05-03
CVEList
CVE-1999-0032: Buffer overflow in lpr, as used in BSD-based systems including Linux, allows local users to execute arbitrary code as root via a long -C (classificati1999-09-29

💥Exploits & PoCs

2
Exploit-DB
BSD/OS 2.1 / FreeBSD 2.1.5 / NeXTstep 4.x / IRIX 6.4 / SunOS 4.1.3/4.1.4 - 'lpr' Buffer Overrun (1)1996-10-25
Exploit-DB
BSD/OS 2.1 / FreeBSD 2.1.5 / NeXTstep 4.x / IRIX 6.4 / SunOS 4.1.3/4.1.4 - '/usr/bin/lpr' Buffer Overrun Privilege Escalation (2)1996-10-25
CVE-1999-0032 (HIGH CVSS 7.2) | Buffer overflow in lpr | cvebase.io