Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).
CVE-2000-1220 — Redhat Linux vulnerability
11 documents8 sources
Severity
10.0CRITICALNVD
EPSS
3.1%
top 13.13%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
Timeline
PublishedJan 8
Latest updateMay 3
Description
The line printer daemon (lpd) in the lpr package in multiple Linux operating systems allows local users to gain root privileges by causing sendmail to execute with arbitrary command line arguments, as demonstrated using the -C option to specify a configuration file.
CVSS vector
AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0
Affected Packages2 packages
🔴Vulnerability Details
3GHSA▶
GHSA-7v4g-j9jw-cxjp: The line printer daemon (lpd) in the lpr package in multiple Linux operating systems allows local users to gain root privileges by causing sendmail to↗2022-05-03
CVEList▶
CVE-2000-1220: The line printer daemon (lpd) in the lpr package in multiple Linux operating systems allows local users to gain root privileges by causing sendmail to↗2005-04-21
OSV▶
CVE-2000-1220: The line printer daemon (lpd) in the lpr package in multiple Linux operating systems allows local users to gain root privileges by causing sendmail to↗2000-01-08
💥Exploits & PoCs
4Exploit-DB▶
Cygnus Network Security 4.0/KerbNet 5.0 / MIT Kerberos 4/5 / RedHat 6.2 - Compatibility 'krb_rd_req()' Local Buffer Overflow (2)↗2000-05-26
Exploit-DB▶
Cygnus Network Security 4.0/KerbNet 5.0 / MIT Kerberos 4/5 / RedHat 6.2 - Compatibility 'krb_rd_req()' Remote Buffer Overflow (1)↗2000-05-16
Exploit-DB▶
Cygnus Network Security 4.0/KerbNet 5.0 / MIT Kerberos 4/5 / RedHat 6.2 - Compatibility 'krb_rd_req()' Remote Buffer Overflow (3)↗2000-04-08