CVE-2003-0144 Information

Description

Buffer overflow in the lprm command in the lprold lpr package on SuSE 7.1 through 7.3 OpenBSD 3.2 and earlier and possibly other operating systems allows local users to gain root privileges via long command line arguments such as (1) request ID or (2) user name.

Reference

ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/010_lprm.patch ftp://patches.sgi.com/support/free/security/advisories/20030406-02-P http://marc.info/?l=bugtraq&m=104690434504429&w=2 http://marc.info/?l=bugtraq&m=104714441925019&w=2 http://secunia.com/advisories/8293 http://www.debian.org/security/2003/dsa-267 http://www.debian.org/security/2003/dsa-275 http://www.mandriva.com/security/advisories?name=MDKSA-2003:059 http://www.novell.com/linux/security/advisories/2003_014_lprold.html http://www.securityfocus.com/bid/7025 https://exchange.xforce.ibmcloud.com/vulnerabilities/11473