CVE-2000-1221
CVSS10.0
发布时间 :2000-01-08 00:00:00
修订时间 :2017-02-15 21:59:00
NMCOE    

[原文]The line printer daemon (lpd) in the lpr package in multiple Linux operating systems authenticates by comparing the reverse-resolved hostname of the local machine to the hostname of the print server as returned by gethostname, which allows remote attackers to bypass intended access controls by modifying the DNS for the attacking IP.


[CNNVD]多个供应商lpd漏洞(CNNVD-200001-026)

        多个Linux操作系统lpr包中的line printer daemon (lpd)通过对比本地机器的反向解析主机名和由gethostname返回的打印服务器的主机名进行认证。远程攻击者通过修改攻击IP的DNS绕过预定的访问控制。
        

- CVSS (基础分值)

CVSS分值: 10 [严重(HIGH)]
机密性影响: [--]
完整性影响: [--]
可用性影响: [--]
攻击复杂度: [--]
攻击向量: [--]
身份认证: [--]

- CPE (受影响的平台与产品)

cpe:/o:redhat:linux:4.1Red Hat Linux 4.1
cpe:/o:redhat:linux:5.0Red Hat Linux 5.0
cpe:/o:sgi:irix:6.5.15mSGI IRIX 6.5.15m
cpe:/o:redhat:linux:5.2::i386
cpe:/o:redhat:linux:6.1::i386
cpe:/o:sgi:irix:6.5.17mSGI IRIX 6.5.17m
cpe:/o:sgi:irix:6.5.15fSGI IRIX 6.5.15f
cpe:/o:debian:debian_linux:2.1Debian Debian Linux 2.1
cpe:/o:sgi:irix:6.5.18fSGI IRIX 6.5.18f
cpe:/o:sgi:irix:6.5SGI IRIX 6.5
cpe:/o:sgi:irix:6.5.14mSGI IRIX 6.5.14m
cpe:/o:sgi:irix:6.5.18mSGI IRIX 6.5.18m
cpe:/o:sgi:irix:6.5.16fSGI IRIX 6.5.16f
cpe:/o:sgi:irix:6.5.16mSGI IRIX 6.5.16m
cpe:/o:sgi:irix:6.5.14fSGI IRIX 6.5.14f
cpe:/o:sgi:irix:6.5.4SGI IRIX 6.5.4
cpe:/o:sgi:irix:6.5.11SGI IRIX 6.5.11
cpe:/o:sgi:irix:6.5.12SGI IRIX 6.5.12
cpe:/o:sgi:irix:6.5.17fSGI IRIX 6.5.17f
cpe:/o:redhat:linux:6.0Red Hat Linux 6.0
cpe:/o:sgi:irix:6.5.10SGI IRIX 6.5.10
cpe:/o:sgi:irix:6.5.9SGI IRIX 6.5.9
cpe:/o:sgi:irix:6.5.6SGI IRIX 6.5.6
cpe:/o:sgi:irix:6.5.7SGI IRIX 6.5.7
cpe:/o:sgi:irix:6.5.13SGI IRIX 6.5.13
cpe:/o:redhat:linux:4.2Red Hat Linux 4.2
cpe:/o:sgi:irix:6.5.5SGI IRIX 6.5.5
cpe:/o:sgi:irix:6.5.2SGI IRIX 6.5.2
cpe:/o:sgi:irix:6.5.3SGI IRIX 6.5.3
cpe:/o:sgi:irix:6.5.8SGI IRIX 6.5.8
cpe:/o:sgi:irix:6.5.1SGI IRIX 6.5.1

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1221
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2000-1221
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200001-026
(官方数据源) CNNVD

- 其它链接及资源

ftp://patches.sgi.com/support/free/security/advisories/20021104-01-P
(PATCH)  SGI  20021104-01-P
http://rhn.redhat.com/errata/RHSA-2000-002.html
(UNKNOWN)  REDHAT  RHSA-2000:002
http://www.atstake.com/research/advisories/2000/lpd_advisory.txt
(UNKNOWN)  ATSTAKE  A010800-v
http://www.debian.org/security/2000/20000109
(PATCH)  DEBIAN  20000109 lpr -- access control problem and root exploit
http://www.kb.cert.org/vuls/id/30308
(UNKNOWN)  CERT-VN  VU#30308
http://www.l0pht.com/advisories/lpd_advisory
(UNKNOWN)  L0PHT  20000108 Quadruple Inverted Backflip
http://www.securityfocus.com/bid/927
(UNKNOWN)  BID  927
http://xforce.iss.net/xforce/xfdb/3840
(UNKNOWN)  XF  redhat-lpd-auth(3840)

- 漏洞信息

多个供应商lpd漏洞
危急 访问验证错误
2000-01-08 00:00:00 2009-02-28 00:00:00
远程※本地  
        多个Linux操作系统lpr包中的line printer daemon (lpd)通过对比本地机器的反向解析主机名和由gethostname返回的打印服务器的主机名进行认证。远程攻击者通过修改攻击IP的DNS绕过预定的访问控制。
        

- 公告与补丁

        SGI has released a security advisory. The issue has been addressed in the latest version of IRIX. Fixes have also been made available.
        SGI has released a new security advisory which contains a patch which addresses problems encountered in the 4835 patch. Users are advised to apply the newly available patch as soon as possible.
        Download the fix from RedHat at:
        Red Hat Linux 6.x:
        Intel:
         ftp://updates.redhat.com/6.1/i386/lpr-0.48-1.i386.rpm
        Alpha:
         ftp://updates.redhat.com/6.1/alpha/lpr-0.48-1.alpha.rpm
        Sparc:
         ftp://updates.redhat.com/6.1/sparc/lpr-0.48-1.sparc.rpm
        Source packages:
         ftp://updates.redhat.com/6.1/SRPMS/lpr-0.48-1.src.rpm
        Red Hat Linux 5.x:
        Intel:
         ftp://updates.redhat.com/5.2/i386/lpr-0.48-0.5.2.i386.rpm
        Alpha:
         ftp://updates.redhat.com/5.2/alpha/lpr-0.48-0.5.2.alpha.rpm
        Sparc:
         ftp://updates.redhat.com/5.2/sparc/lpr-0.48-0.5.2.sparc.rpm
        Source packages:
         ftp://updates.redhat.com/5.2/SRPMS/lpr-0.48-0.5.2.src.rpm
        Red Hat Linux 4.x:
        Intel:
         ftp://updates.redhat.com/4.2/i386/lpr-0.48-0.4.2.i386.rpm
        Alpha:
         ftp://updates.redhat.com/4.2/alpha/lpr-0.48-0.4.2.alpha.rpm
        Sparc:
         ftp://updates.redhat.com/4.2/sparc/lpr-0.48-0.4.2.sparc.rpm
        Source packages:
         ftp://updates.redhat.com/4.2/SRPMS/lpr-0.48-0.4.2.src.rpm
        SGI IRIX 6.5
        

  •         SGI IRIX 6.5.19
            www.sgi.com

  •         

        SGI IRIX 6.5.1
        

  •         SGI IRIX 6.5.19
            www.sgi.com

  •         

        SGI IRIX 6.5.10
        

  •         SGI IRIX 6.5.19
            www.sgi.com

  •         

        SGI IRIX 6.5.11
        

  •         SGI IRIX 6.5.19
            www.sgi.com

  •         

        SGI IRIX 6.5.12
        

  •         SGI IRIX 6.5.19
            www.sgi.com

  •         

        SGI IRIX 6.5.13
        

  •         SGI IRIX 6.5.19
            www.sgi.com

  •         

        SGI IRIX 6.5.14 f
        
        SGI IRIX 6.5.14 m
        
        SGI IRIX 6.5.15 m
        
        SGI IRIX 6.5.15 f
        
        SGI IRIX 6.5.16 m
        
        SGI IRIX 6.5.16 f
        
        SGI IRIX 6.5.17 f
        
        SGI IRIX 6.5.17 m
        
        SGI IRIX 6.5.18 m
        
        SGI IRIX 6.5.18 f
        
        SGI IRIX 6.5.2
        

  •         SGI IRIX 6.5.19
            www.sgi.com

  •         

        SGI IRIX 6.5.3
        

  •         SGI IRIX 6.5.19
            www.sgi.com

  •         

        SGI IRIX 6.5.4
        

  •         SGI IRIX 6.5.19
            www.sgi.com

  •         

        SGI IRIX 6.5.5
        

  •         SGI IRIX 6.5.19
            www.sgi.com

  •         

        SGI IRIX 6.5.6
        

  •         SGI IRIX 6.5.19
            www.sgi.com

  •         

        SGI IRIX 6.5.7
        

  •         SGI IRIX 6.5.19
            www.sgi.com

  •         

        SGI IRIX 6.5.8
        

  •         SGI IRIX 6.5.19
            www.sgi.com

  •         

        SGI IRIX 6.5.9
        

  •         SGI IRIX 6.5.19
            www.sgi.com

  •         

- 漏洞信息 (19722)

RedHat <= 6.1,IRIX <= 6.5.18 lpd Vulnerabilities (EDBID:19722)
unix remote
2000-01-11 Verified
0 Anonymous
N/A [点击下载]
source: http://www.securityfocus.com/bid/927/info

Multiple vulnerabilities have been discovered in lpd, shipped with various Linux and Unix distributions.

It has been reported that lpd fails to properly authenticate hostnames. This could allow an unauthenticated user to gain access to lpd services by supplying a spoofed hostname.

It is also possible for a local user to pass arguments to sendmail, through the vulnerable print daemon. This could allow an unauthorized user to execute commands with elevated privileges.

By exploiting multiple vulnerabilities in lpd, it may be possible for a remote attacker to gain root privileges on a target server.

http://www.exploit-db.com/sploits/19722.tgz		

- 漏洞信息

17208
Multiple Linux lpr lpd DNS Resolution Remote Privilege Escalation
Remote / Network Access

- 漏洞描述

Unknown or Incomplete

- 时间线

2000-01-08 Unknow
Unknow Unknow

- 解决方案

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete
 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站