Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2000-1221: Linux vulnerability

9 documents, 8 sources
Severity
10.0 CRITICAL (NVD)
EPSS
10.9%
top 6.61%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Timeline
Published: Jan 8
Latest update: May 3

Description

The line printer daemon (lpd) in the lpr package in multiple Linux operating systems authenticates by comparing the reverse-resolved hostname of the local machine to the hostname of the print server as returned by gethostname, which allows remote attackers to bypass intended access controls by modifying the DNS for the attacking IP.

CVSS vector

AV:N/AC:L/C:C/I:C/A:C
Exploitability: 10.0 | Impact: 10.0

Affected Packages: 2 packages

NVD: redhat/linux, 6 versions (+5)
NVD: sgi/irix, 24 versions (+23)

Also affects: Debian Linux 2.1

Patches

🔴 Vulnerability Details (3)

GHSA
GHSA-7g6p-865f-j3r5: The line printer daemon (lpd) in the lpr package in multiple Linux operating systems authenticates by comparing the reverse-resolved hostname of the l... (2022-05-03)
CVEList
CVE-2000-1221: The line printer daemon (lpd) in the lpr package in multiple Linux operating systems authenticates by comparing the reverse-resolved hostname of the l... (2005-04-21)
OSV
CVE-2000-1221: The line printer daemon (lpd) in the lpr package in multiple Linux operating systems authenticates by comparing the reverse-resolved hostname of the l... (2000-01-08)

💥 Exploits & PoCs (2)

Exploit-DB
Microsoft Active Movie Control 1.0 - Filetype (2000-05-13)
Exploit-DB
RedHat 6.1 / IRIX 6.5.18 - 'lpd' Command Execution (2000-01-11)

📋 Vendor Advisories (2)

Red Hat
security flaw (2000-01-08)
Debian
CVE-2000-1221: lpr - The line printer daemon (lpd) in the lpr package in multiple Linux operating sys... (2000)

💬 Community (1)

Bugzilla
CVE-2000-1221 security flaw (2018-08-16)
CVE-2000-1221 — Debian Linux vulnerability | cvebase