CVE-2003-0144
published 2003-03-31CVE-2003-0144: Buffer overflow in the lprm command in the lprold lpr package on SuSE 7.1 through 7.3, OpenBSD 3.2 and earlier, and possibly other operating systems, allows…
PriorityP428high7.2CVSS 2.0
AVLACLAuNCCICAC
EXPLOIT
EPSS
1.91%
77.3th percentile
Buffer overflow in the lprm command in the lprold lpr package on SuSE 7.1 through 7.3, OpenBSD 3.2 and earlier, and possibly other operating systems, allows local users to gain root privileges via long command line arguments such as (1) request ID or (2) user name.
Affected
27 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| bsd | lpr | — | — |
| bsd | lpr | — | — |
| bsd | lpr | >= 0 < 1:2000.05.07-4.20 | 1:2000.05.07-4.20 |
| bsd | lpr | >= 0 < 1:2000.05.07-4.20 | 1:2000.05.07-4.20 |
| bsd | lpr | >= 0 < 1:2000.05.07-4.20 | 1:2000.05.07-4.20 |
| bsd | lpr | >= 0 < 1:2000.05.07-4.20 | 1:2000.05.07-4.20 |
| debian | lpr | < lpr 1:2000.05.07-4.20 (bookworm) | lpr 1:2000.05.07-4.20 (bookworm) |
| freebsd | freebsd | — | — |
| freebsd | freebsd | — | — |
| freebsd | freebsd | — | — |
| freebsd | freebsd | — | — |
| freebsd | freebsd | — | — |
| freebsd | freebsd | — | — |
| lprold | lprold | — | — |
| openbsd | openbsd | — | — |
| openbsd | openbsd | — | — |
| openbsd | openbsd | — | — |
| openbsd | openbsd | — | — |
| openbsd | openbsd | — | — |
| openbsd | openbsd | — | — |
| openbsd | openbsd | — | — |
| openbsd | openbsd | — | — |
| openbsd | openbsd | — | — |
| openbsd | openbsd | — | — |
| openbsd | openbsd | — | — |
CVSS provenance
nvdv2.07.2HIGHAV:L/AC:L/Au:N/C:C/I:C/A:C
osv7.2HIGH
vendor_debian7.2HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Debian
CVE-2003-0144: lpr - Buffer overflow in the lprm command in the lprold lpr package on SuSE 7.1 throug...
vendor_debian·2003·CVSS 7.2
CVE-2003-0144 [HIGH] CVE-2003-0144: lpr - Buffer overflow in the lprm command in the lprold lpr package on SuSE 7.1 throug...
Buffer overflow in the lprm command in the lprold lpr package on SuSE 7.1 through 7.3, OpenBSD 3.2 and earlier, and possibly other operating systems, allows local users to gain root privileges via long command line arguments such as (1) request ID or (2) user name.
Scope: local
bookworm: resolved (fixed in 1:2000.05.07-4.20)
bullseye: resolved (fixed in 1:2000.05.07-4.20)
forky: resolved (fixed in 1:2000.05.07-4.20)
sid: resolved (fixed in 1:2000.05.07-4.20)
trixie: resolved (fixed in 1:2000.05.07-4.20)
GHSA
GHSA-45pq-qjc7-hf9c: Buffer overflow in the lprm command in the lprold lpr package on SuSE 7
ghsa_unreviewed·2022-05-03
CVE-2003-0144 [HIGH] GHSA-45pq-qjc7-hf9c: Buffer overflow in the lprm command in the lprold lpr package on SuSE 7
Buffer overflow in the lprm command in the lprold lpr package on SuSE 7.1 through 7.3, OpenBSD 3.2 and earlier, and possibly other operating systems, allows local users to gain root privileges via long command line arguments such as (1) request ID or (2) user name.
OSV
CVE-2003-0144: Buffer overflow in the lprm command in the lprold lpr package on SuSE 7
osv·2003-03-31·CVSS 7.2
CVE-2003-0144 [HIGH] CVE-2003-0144: Buffer overflow in the lprm command in the lprold lpr package on SuSE 7
Buffer overflow in the lprm command in the lprold lpr package on SuSE 7.1 through 7.3, OpenBSD 3.2 and earlier, and possibly other operating systems, allows local users to gain root privileges via long command line arguments such as (1) request ID or (2) user name.
No detection rules found.
Exploit-DB
BSD 'lpr' 2000.05.07/0.48/0.72 / lpr-ppd 0.72 - Local Buffer Overflow (1)
exploitdb·1998-04-22
CVE-2003-0144 BSD 'lpr' 2000.05.07/0.48/0.72 / lpr-ppd 0.72 - Local Buffer Overflow (1)
BSD 'lpr' 2000.05.07/0.48/0.72 / lpr-ppd 0.72 - Local Buffer Overflow (1)
---
// source: https://www.securityfocus.com/bid/7025/info
It has been reported that a vulnerability in the handling of some types of requests exists in lprm. When an attacker sends a maliciously crafted string to a configured printer through the lprm command, it may be possible to execute code.
/*
lprm-bsd.c - Exploit for lprm vulnerability in
OpenBSD and FreeBSD-stable
k0ded by Niall Smart, [email protected], 1998.
The original version of this file contains a blatant error
which anyone who is capable of understanding C will be able
to locate and remove. Please do not distribute this file
without this idiot-avoidance measure.
Typical egg on FreeBSD: 0xEFBFCFDF
Typical egg on OpenBSD: 0xEFBFD648
The exploit m
Exploit-DB
BSD 'lpr' 2000.05.07/0.48/0.72 / lpr-ppd 0.72 - Local Buffer Overflow (2)
exploitdb·1998-04-22
CVE-2003-0144 BSD 'lpr' 2000.05.07/0.48/0.72 / lpr-ppd 0.72 - Local Buffer Overflow (2)
BSD 'lpr' 2000.05.07/0.48/0.72 / lpr-ppd 0.72 - Local Buffer Overflow (2)
---
// source: https://www.securityfocus.com/bid/7025/info
It has been reported that a vulnerability in the handling of some types of requests exists in lprm. When an attacker sends a maliciously crafted string to a configured printer through the lprm command, it may be possible to execute code.
/*
* lprmexp.c
*
* OpenBSD /
*
* Tested on OpenBSD 3.0 and 3.1.
*
* Fiddle with -a option from 1 to 7 to indent address in
* buffer.
*
*/
#include
#include
#include
#include
#include
#define LPRMPROG "/usr/bin/lprm"
#define BUFSIZE 511
#define OFFSET 0
#define NOP 0x90
static char obsdcode[] =
"\x31\xc0" /* xorl %eax, %eax */
"\x50" /* pushl %eax */
"\x50" /* pushl %eax */
"\xb0\xb7" /* movb $0xb7, %al */
"\xcd\x80" /*
No writeups or analysis indexed.
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/010_lprm.patchftp://patches.sgi.com/support/free/security/advisories/20030406-02-Phttp://marc.info/?l=bugtraq&m=104690434504429&w=2http://marc.info/?l=bugtraq&m=104714441925019&w=2http://secunia.com/advisories/8293http://www.debian.org/security/2003/dsa-267http://www.debian.org/security/2003/dsa-275http://www.mandriva.com/security/advisories?name=MDKSA-2003:059http://www.novell.com/linux/security/advisories/2003_014_lprold.htmlhttp://www.securityfocus.com/bid/7025https://exchange.xforce.ibmcloud.com/vulnerabilities/11473ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/010_lprm.patchftp://patches.sgi.com/support/free/security/advisories/20030406-02-Phttp://marc.info/?l=bugtraq&m=104690434504429&w=2http://marc.info/?l=bugtraq&m=104714441925019&w=2http://secunia.com/advisories/8293http://www.debian.org/security/2003/dsa-267http://www.debian.org/security/2003/dsa-275http://www.mandriva.com/security/advisories?name=MDKSA-2003:059http://www.novell.com/linux/security/advisories/2003_014_lprold.htmlhttp://www.securityfocus.com/bid/7025https://exchange.xforce.ibmcloud.com/vulnerabilities/11473
2003-03-31
Published