[VIM] lpr overflow - multiple cve/osvdb?
security curmudgeon
jericho at attrition.org
Sun Jun 5 02:59:43 EDT 2005
CVE-1999-0335
Buffer overflow in BSD and linux lpr command allows local users to execute
commands as root through the classification option.
XF:lpr-bsd-lprbo
CVE-1999-0032
Buffer overflow in BSD-based lpr package allows local users to gain root
privileges.
CERT:CA-97.19.bsdlp
AUSCERT:AA-96.12
CIAC:I-042
SGI:19980402-01-PX
XF:bsd-lprbo2
XF:bsd-lprbo
XF:lpr-bo
bsd-lprbo (409)
refs to: CVE-1999-0032 and CVE-1999-0335
http://archives.neohapsis.com/archives/bugtraq/1996_4/0151.html
1996-08-01
lpr-bo (843)
refs to: CVE-1999-0032
(no date)
The mail list attached to ISS 409 is 1996-10-25, -C option exploit.
This is currently OSVDB 1105 and 11499 (one for each cve), both NEW
status.
--
As best I can tell, these are the same vuln based on the inbreeding of
ext-refs, the approx dates, and nothing (obvious) to suggest there is a
second parameter or method for exploiting.
More information about the VIM
mailing list