CVE-2000-0407
published 2000-05-12CVE-2000-0407: Buffer overflow in Solaris netpr program allows local users to execute arbitrary commands via a long -p option.
PriorityP423high7.2CVSS 2.0
AVLACLAuNCCICAC
EXPLOIT
EPSS
1.08%
60.8th percentile
Buffer overflow in Solaris netpr program allows local users to execute arbitrary commands via a long -p option.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sun | solaris | — | — |
| sun | solaris | — | — |
| sun | solaris | — | — |
| sun | sunos | — | — |
| sun | sunos | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Solaris 2.6/7.0/8 - 'netpr' Local Buffer Overflow (1)
exploitdb·1999-05-23
CVE-2000-0407 Solaris 2.6/7.0/8 - 'netpr' Local Buffer Overflow (1)
Solaris 2.6/7.0/8 - 'netpr' Local Buffer Overflow (1)
---
// source: https://www.securityfocus.com/bid/1200/info
A buffer overrun exists in the 'netpr' program, part of the SUNWpcu (LP) package included with Solaris, from Sun Microsystems. Versions of netpr on Solaris 2.6 and 7, on both Sparc and x86 have been confirmed as being vulnerable. The overflow is present in the -p option, normally used to specify a printer. By specifying a long buffer containing machine executable code, it is possible to execute arbitrary commands as root. On Sparc, the exploits provided will spawn a root shell, whereas on x86 it will create a setuid root shell in /tmp.
/**
*** netprex - SPARC Solaris root exploit for /usr/lib/lp/bin/netpr
***
*** Tested and confirmed under Solaris 2.6 and 7 (SPARC)
***
*** U
Exploit-DB
Solaris 2.6/7.0/8 - 'netpr' Local Buffer Overflow (2)
exploitdb·1999-03-04
CVE-2000-0407 Solaris 2.6/7.0/8 - 'netpr' Local Buffer Overflow (2)
Solaris 2.6/7.0/8 - 'netpr' Local Buffer Overflow (2)
---
// source: https://www.securityfocus.com/bid/1200/info
A buffer overrun exists in the 'netpr' program, part of the SUNWpcu (LP) package included with Solaris, from Sun Microsystems. Versions of netpr on Solaris 2.6 and 7, on both Sparc and x86 have been confirmed as being vulnerable. The overflow is present in the -p option, normally used to specify a printer. By specifying a long buffer containing machine executable code, it is possible to execute arbitrary commands as root. On Sparc, the exploits provided will spawn a root shell, whereas on x86 it will create a setuid root shell in /tmp.
/**
*** netprex - i386 Solaris root exploit for /usr/lib/lp/bin/netpr
***
*** Tested and confirmed under Solaris 2.6 and 7 (i386)
***
*** Usa
No writeups or analysis indexed.
2000-05-12
Published