Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2000-0917

9 documents6 sources
Severity
10.0CRITICAL
EPSS
86.1%
top 0.60%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
5
Caldera Openlinux EbuilderCaldera Openlinux EdesktopCaldera Openlinux Eserver+2 more
Timeline
PublishedDec 19
Latest updateMay 3

Description

Format string vulnerability in use_syslog() function in LPRng 3.6.24 allows remote attackers to execute arbitrary commands.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages5 packages

NVDredhat/linux7.0
NVDtrustix/secure_linux1.0, 1.1+1

Patches

Patch: www.securityfocus.comPatch: www.securityfocus.com

🔴Vulnerability Details

2
GHSA
GHSA-3prc-rhm4-9vg8: Format string vulnerability in use_syslog() function in LPRng 32022-05-03
CVEList
CVE-2000-0917: Format string vulnerability in use_syslog() function in LPRng 32001-01-22

💥Exploits & PoCs

4
Exploit-DB
LPRng - use_syslog Remote Format String (Metasploit)2010-07-03
Exploit-DB
LPRng 3.6.24-1 - Remote Command Execution2000-12-15
Exploit-DB
LPRng 3.6.22/23/24 - Remote Command Execution2000-12-11
Exploit-DB
LPRng (RedHat 7.0) - 'lpd' Format String2000-12-11

📋Vendor Advisories

1
Red Hat
security flaw2000-09-25

💬Community

1
Bugzilla
CVE-2000-0917 security flaw2018-08-16