CVE-2000-1221
CVSS 10.0
Published: 2000-01-08 00:00:00
Last revised: 2009-02-28 00:10:48

[Original] The line printer daemon (lpd) in the lpr package in multiple Linux operating systems authenticates by comparing the reverse-resolved hostname of the local machine to the hostname of the print server as returned by gethostname, which allows remote attackers to bypass intended access controls by modifying the DNS for the attacking IP.


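[CNNVD] Multiple vendor lpd vulnerability (CNNVD-200001-026)

        The line printer daemon (lpd) in the lpr package of multiple Linux operating systems authenticates by comparing the reverse-resolved hostname of the local machine with the hostname of the print server as returned by gethostname. A remote attacker can bypass the intended access controls by modifying the DNS for the attacking IP.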
        

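- CVSS (base score)

CVSS score: 10 [Severe (HIGH)]
Confidentiality impact: COMPLETE [total information disclosure, exposing all system files]
Integrity impact: COMPLETE [system integrity can be completely compromised]
Availability impact: COMPLETE [may cause a complete system outage]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]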

- CPE (affected platforms and products)

cpe:/o:sgi:irix:6.5.14f (SGI IRIX 6.5.14f)
cpe:/o:redhat:linux:6.1::i386
cpe:/o:sgi:irix:6.5.18f (SGI IRIX 6.5.18f)
cpe:/o:sgi:irix:6.5.16m (SGI IRIX 6.5.16m)
cpe:/o:redhat:linux:4.2 (Red Hat Linux 4.2)
cpe:/o:sgi:irix:6.5.15f (SGI IRIX 6.5.15f)
cpe:/o:sgi:irix:6.5.6 (SGI IRIX 6.5.6)
cpe:/o:redhat:linux:4.1 (Red Hat Linux 4.1)
cpe:/o:redhat:linux:6.0 (Red Hat Linux 6.0)
cpe:/o:sgi:irix:6.5.13 (SGI IRIX 6.5.13)
cpe:/o:sgi:irix:6.5.18m (SGI IRIX 6.5.18m)
cpe:/o:sgi:irix:6.5.11 (SGI IRIX 6.5.11)
cpe:/o:sgi:irix:6.5.17m (SGI IRIX 6.5.17m)
cpe:/o:sgi:irix:6.5.3 (SGI IRIX 6.5.3)
cpe:/o:sgi:irix:6.5.9 (SGI IRIX 6.5.9)
cpe:/o:sgi:irix:6.5.14m (SGI IRIX 6.5.14m)
cpe:/o:sgi:irix:6.5.12 (SGI IRIX 6.5.12)
cpe:/o:sgi:irix:6.5.8 (SGI IRIX 6.5.8)
cpe:/o:redhat:linux:5.2::i386
cpe:/o:sgi:irix:6.5 (SGI IRIX 6.5)
cpe:/o:sgi:irix:6.5.7 (SGI IRIX 6.5.7)
cpe:/o:sgi:irix:6.5.15m (SGI IRIX 6.5.15m)
cpe:/o:sgi:irix:6.5.16f (SGI IRIX 6.5.16f)
cpe:/o:sgi:irix:6.5.5 (SGI IRIX 6.5.5)
cpe:/o:sgi:irix:6.5.4 (SGI IRIX 6.5.4)
cpe:/o:sgi:irix:6.5.10 (SGI IRIX 6.5.10)
cpe:/o:sgi:irix:6.5.1 (SGI IRIX 6.5.1)
cpe:/o:sgi:irix:6.5.2 (SGI IRIX 6.5.2)
cpe:/o:redhat:linux:5.0 (Red Hat Linux 5.0)
cpe:/o:debian:debian_linux:2.1 (Debian Debian Linux 2.1)
cpe:/o:sgi:irix:6.5.17f (SGI IRIX 6.5.17f)

- OVAL (technical details for detection)

No related OVAL definitions found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1221
(official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2000-1221
(official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200001-026
(official data source) CNNVD

- Other links and resources

http://www.kb.cert.org/vuls/id/30308
(UNKNOWN)  CERT-VN  VU#30308
http://www.debian.org/security/2000/20000109
(PATCH)  DEBIAN  20000109 lpr -- access control problem and root exploit
http://www.atstake.com/research/advisories/2000/lpd_advisory.txt
(PATCH)  L0PHT  20000108 Quadruple Inverted Backflip
ftp://patches.sgi.com/support/free/security/advisories/20021104-01-P
(PATCH)  SGI  20021104-01-P
http://xforce.iss.net/xforce/xfdb/3840
(UNKNOWN)  XF  redhat-lpd-auth(3840)
http://www.securityfocus.com/bid/0927
(UNKNOWN)  BID  927
http://www.atstake.com/research/advisories/2000/lpd_advisory.txt
(UNKNOWN)  L0PHT  20000108 Quadruple Inverted Backflip
http://rhn.redhat.com/errata/RHSA-2000-002.html
(UNKNOWN)  REDHAT  RHSA-2000:002

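- Vulnerability information

Multiple vendor lpd vulnerability
Critical; access validation error
2000-01-08 00:00:00 2009-02-28 00:00:00
Remote / Local
        The line printer daemon (lpd) in the lpr package of multiple Linux operating systems authenticates by comparing the reverse-resolved hostname of the local machine with the hostname of the print server as returned by gethostname. A remote attacker can bypass the intended access controls by modifying the DNS for the attacking IP.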
        

- Advisories and patches

        SGI has released a security advisory. The issue has been addressed in the latest version of IRIX. Fixes have also been made available.
        SGI has released a new security advisory which contains a patch which addresses problems encountered in the 4835 patch. Users are advised to apply the newly available patch as soon as possible.
        Download the fix from RedHat at:
        Red Hat Linux 6.x:
        Intel:
         ftp://updates.redhat.com/6.1/i386/lpr-0.48-1.i386.rpm
        Alpha:
         ftp://updates.redhat.com/6.1/alpha/lpr-0.48-1.alpha.rpm
        Sparc:
         ftp://updates.redhat.com/6.1/sparc/lpr-0.48-1.sparc.rpm
        Source packages:
         ftp://updates.redhat.com/6.1/SRPMS/lpr-0.48-1.src.rpm
        Red Hat Linux 5.x:
        Intel:
         ftp://updates.redhat.com/5.2/i386/lpr-0.48-0.5.2.i386.rpm
        Alpha:
         ftp://updates.redhat.com/5.2/alpha/lpr-0.48-0.5.2.alpha.rpm
        Sparc:
         ftp://updates.redhat.com/5.2/sparc/lpr-0.48-0.5.2.sparc.rpm
        Source packages:
         ftp://updates.redhat.com/5.2/SRPMS/lpr-0.48-0.5.2.src.rpm
        Red Hat Linux 4.x:
        Intel:
         ftp://updates.redhat.com/4.2/i386/lpr-0.48-0.4.2.i386.rpm
        Alpha:
         ftp://updates.redhat.com/4.2/alpha/lpr-0.48-0.4.2.alpha.rpm
        Sparc:
         ftp://updates.redhat.com/4.2/sparc/lpr-0.48-0.4.2.sparc.rpm
        Source packages:
         ftp://updates.redhat.com/4.2/SRPMS/lpr-0.48-0.4.2.src.rpm
        SGI IRIX 6.5
          • SGI IRIX 6.5.19 (www.sgi.com)
        SGI IRIX 6.5.1
          • SGI IRIX 6.5.19 (www.sgi.com)
        SGI IRIX 6.5.10
          • SGI IRIX 6.5.19 (www.sgi.com)
        SGI IRIX 6.5.11
          • SGI IRIX 6.5.19 (www.sgi.com)
        SGI IRIX 6.5.12
          • SGI IRIX 6.5.19 (www.sgi.com)
        SGI IRIX 6.5.13
          • SGI IRIX 6.5.19 (www.sgi.com)
        SGI IRIX 6.5.14 f
        SGI IRIX 6.5.14 m
        SGI IRIX 6.5.15 m
        SGI IRIX 6.5.15 f
        SGI IRIX 6.5.16 m
        SGI IRIX 6.5.16 f
        SGI IRIX 6.5.17 f
        SGI IRIX 6.5.17 m
        SGI IRIX 6.5.18 m
        SGI IRIX 6.5.18 f
        SGI IRIX 6.5.2
          • SGI IRIX 6.5.19 (www.sgi.com)
        SGI IRIX 6.5.3
          • SGI IRIX 6.5.19 (www.sgi.com)
        SGI IRIX 6.5.4
          • SGI IRIX 6.5.19 (www.sgi.com)
        SGI IRIX 6.5.5
          • SGI IRIX 6.5.19 (www.sgi.com)
        SGI IRIX 6.5.6
          • SGI IRIX 6.5.19 (www.sgi.com)
        SGI IRIX 6.5.7
          • SGI IRIX 6.5.19 (www.sgi.com)
        SGI IRIX 6.5.8
          • SGI IRIX 6.5.19 (www.sgi.com)
        SGI IRIX 6.5.9
          • SGI IRIX 6.5.19 (www.sgi.com)

- Vulnerability information (19722)

RedHat <= 6.1, IRIX <= 6.5.18 lpd Vulnerabilities (EDBID:19722)
unix remote
2000-01-11 Verified
0 Anonymous
N/A
source: http://www.securityfocus.com/bid/927/info

Multiple vulnerabilities have been discovered in lpd, shipped with various Linux and Unix distributions.

It has been reported that lpd fails to properly authenticate hostnames. This could allow an unauthenticated user to gain access to lpd services by supplying a spoofed hostname.

It is also possible for a local user to pass arguments to sendmail, through the vulnerable print daemon. This could allow an unauthorized user to execute commands with elevated privileges.

By exploiting multiple vulnerabilities in lpd, it may be possible for a remote attacker to gain root privileges on a target server.

http://www.exploit-db.com/sploits/19722.tgz		

- Vulnerability information

17208
Multiple Linux lpr lpd DNS Resolution Remote Privilege Escalation
Remote / Network Access

- Vulnerability description

Unknown or Incomplete

- Timeline

2000-01-08 Unknown
Unknown Unknown

- Solution

Unknown or Incomplete

- Related references

- Vulnerability author

Unknown or Incomplete