{"vuid":"VU#39001","idnumber":"39001","name":"lpd allows options to be passed to sendmail","keywords":["lpr","sendmail","option","%s@%s","-t"],"overview":"The line printer daemon enables various clients to share printers over a network. There exists a vulnerability in this daemon that permits an intruder to send options to sendmail.","clean_desc":"The line printer daemon enables various clients to share printers over a network. There exists a vulnerability in this daemon that permits an intruder to send options to sendmail. These options could be used to specify another configuration file allowing an intruder to gain root access.","impact":"An intruder may be able to gain root access. In conjunction with another vulnerability (e.g., VU#30308), this can be exploited from hosts not normally authorized to use the lpd service.","resolution":"Apply the patches, if available, from your vendor.","workarounds":"","sysaffected":"","thanks":"The CERT/CC would like to thank @Stake, Red Hat and Debian for the information provided in their security advisories.","author":"This document was written by Jason Rafail.","public":["http://www.atstake.com/research/advisories/2000/lpd_advisory.txt","http://www.redhat.com/support/errata/RHSA2000002-01.6.0.html","http://www.debian.org/security/2000/20000109"],"cveids":["CVE-2000-1208"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2000-04-24T14:55:52Z","publicdate":"2000-01-08T00:00:00Z","datefirstpublished":"2001-10-16T19:00:14Z","dateupdated":"2001-11-09T17:11:13Z","revision":13,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"10","cam_population":"10","cam_impact":"20","cam_easeofexploitation":"15","cam_attackeraccessrequired":"10","cam_scorecurrent":"14.0625","cam_scorecurrentwidelyknown":"16.875","cam_scorecurrentwidelyknownexploited":"28.125","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":14.0625,"vulnote":null}