ID CVE-2000-0917
Summary Format string vulnerability in use_syslog() function in LPRng 3.6.24 allows remote attackers to execute arbitrary commands.
References
Vulnerable Configurations
  • cpe:2.3:a:caldera:openlinux_ebuilder:3.0
    cpe:2.3:a:caldera:openlinux_ebuilder:3.0
  • cpe:2.3:o:caldera:openlinux
    cpe:2.3:o:caldera:openlinux
  • cpe:2.3:o:caldera:openlinux_edesktop:2.4
    cpe:2.3:o:caldera:openlinux_edesktop:2.4
  • cpe:2.3:o:caldera:openlinux_eserver:2.3
    cpe:2.3:o:caldera:openlinux_eserver:2.3
  • Red Hat Linux 7.0
    cpe:2.3:o:redhat:linux:7.0
  • Trustix Trustix Linux 1.0
    cpe:2.3:o:trustix:secure_linux:1.0
  • Trustix Secure Linux 1.1
    cpe:2.3:o:trustix:secure_linux:1.1
CVSS
Base: 10.0 (as of 01-01-2004 - 00:00)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
exploit-db via4
  • description LPRng 3.6.24-1 Remote Root Exploit. CVE-2000-0917. Remote exploit for linux platform
    id EDB-ID:230
    last seen 2016-01-31
    modified 2000-12-15
    published 2000-12-15
    reporter VeNoMouS
    source https://www.exploit-db.com/download/230/
    title LPRng 3.6.24-1 - Remote Root Exploit
  • description LPRng 3.6.22/23/24 Remote Root Exploit. CVE-2000-0917. Remote exploit for linux platform
    id EDB-ID:226
    last seen 2016-01-31
    modified 2000-12-11
    published 2000-12-11
    reporter sk8
    source https://www.exploit-db.com/download/226/
    title LPRng 3.6.22/23/24 - Remote Root Exploit
  • description LPRng (RedHat 7.0) lpd Remote Root Format String Exploit. CVE-2000-0917. Remote exploit for linux platform
    id EDB-ID:227
    last seen 2016-01-31
    modified 2000-12-11
    published 2000-12-11
    reporter DiGiT
    source https://www.exploit-db.com/download/227/
    title LPRng RedHat 7.0 lpd Remote Root Format String Exploit
  • description LPRng use_syslog Remote Format String Vulnerability. CVE-2000-0917. Remote exploit for linux platform
    id EDB-ID:16842
    last seen 2016-02-02
    modified 2010-07-03
    published 2010-07-03
    reporter metasploit
    source https://www.exploit-db.com/download/16842/
    title LPRng use_syslog Remote Format String Vulnerability
metasploit via4
description This module exploits a format string vulnerability in the LPRng print server. This vulnerability was discovered by Chris Evans. There was a publicly circulating worm targeting this vulnerability, which prompted RedHat to pull their 7.0 release. They consequently re-released it as "7.0-respin".
id MSF:EXPLOIT/LINUX/MISC/LPRNG_FORMAT_STRING
last seen 2019-03-31
modified 2017-07-24
published 2010-02-17
reliability Normal
reporter Rapid7
source https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/misc/lprng_format_string.rb
title LPRng use_syslog Remote Format String Vulnerability
nessus via4
NASL family Gain a shell remotely
NASL id LPRNG.NASL
description LPRng seems to be running on this port. Versions of LPRng prior to 3.6.24 are missing format string arguments in at least two calls to 'syslog()' that handle user-supplied input. Using specially crafted input with format strings, an unauthenticated, remote attacker may be able to leverage these issues to execute arbitrary code subject to the privileges under which the service operates, typically 'root'. Note that Nessus has not determined that the remote installation of LPRng is vulnerable, only that it is listening on this port.
last seen 2019-02-21
modified 2018-11-15
plugin id 10522
published 2000-10-01
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=10522
title LPRng use_syslog() Remote Format String Arbitrary Command Execution
packetstorm via4
data source https://packetstormsecurity.com/files/download/86422/lprng_format_string.rb.txt
id PACKETSTORM:86422
last seen 2016-12-05
published 2010-02-17
reporter jduck
source https://packetstormsecurity.com/files/86422/LPRng-use_syslog-Remote-Format-String-Vulnerability.html
title LPRng use_syslog Remote Format String Vulnerability
redhat via4
advisories
rhsa
id RHSA-2000:065
refmap via4
bid 1712
bugtraq 20000925 Format strings: bug #2: LPRng
caldera CSSA-2000-033.0
cert CA-2000-22
freebsd FreeBSD-SA-00:56
xf lprng-format-string(5287)
Last major update 05-09-2008 - 16:22
Published 19-12-2000 - 00:00
Last modified 09-10-2017 - 21:29
Back to Top