CVE-1999-1102
published 1999-12-31CVE-1999-1102: lpr on SunOS 4.1.1, BSD 4.3, A/UX 2.0.1, and other BSD-based operating systems allows local users to create or overwrite arbitrary files via a symlink attack…
PriorityP47low2.1CVSS 2.0
AVLACLAuNCNIPAN
EPSS
0.44%
35.0th percentile
lpr on SunOS 4.1.1, BSD 4.3, A/UX 2.0.1, and other BSD-based operating systems allows local users to create or overwrite arbitrary files via a symlink attack that is triggered after invoking lpr 1000 times.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | a_ux | — | — |
| bsd | bsd | — | — |
| sgi | irix | <= 5.2 | — |
| sun | sunos | <= 4.1.1 | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
lpr on BSD symlink
vuldb·2026-04-20·CVSS 2.1
CVE-1999-1102 [LOW] lpr on BSD symlink
A vulnerability described as problematic has been identified in lpr on BSD. The impacted element is an unknown function. The manipulation results in symlink following.
This vulnerability is reported as CVE-1999-1102. The attack requires a local approach. No exploit exists.
Upgrading the affected component is recommended.
GHSA
GHSA-97ch-49wx-wfmx: lpr on SunOS 4
ghsa_unreviewed·2022-04-30
CVE-1999-1102 [LOW] GHSA-97ch-49wx-wfmx: lpr on SunOS 4
lpr on SunOS 4.1.1, BSD 4.3, A/UX 2.0.1, and other BSD-based operating systems allows local users to create or overwrite arbitrary files via a symlink attack that is triggered after invoking lpr 1000 times.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://ciac.llnl.gov/ciac/bulletins/e-25.shtmlhttp://www.aenigma.net/resources/maillist/bugtraq/1994/0091.htmhttp://www.phreak.org/archives/security/8lgm/8lgm.lprhttp://ciac.llnl.gov/ciac/bulletins/e-25.shtmlhttp://www.aenigma.net/resources/maillist/bugtraq/1994/0091.htmhttp://www.phreak.org/archives/security/8lgm/8lgm.lpr
1999-12-31
Published