CVE-2000-1220

high

Description

The line printer daemon (lpd) in the lpr package in multiple Linux operating systems allows local users to gain root privileges by causing sendmail to execute with arbitrary command line arguments, as demonstrated using the -C option to specify a configuration file.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/3841

http://www.securityfocus.com/bid/927

http://www.redhat.com/support/errata/RHSA-2000-002.html

http://www.l0pht.com/advisories/lpd_advisory

http://www.kb.cert.org/vuls/id/39001

http://www.debian.org/security/2000/20000109

http://www.atstake.com/research/advisories/2000/lpd_advisory.txt

http://seclists.org/lists/bugtraq/2000/Jan/0116.html

Details

Source: Mitre, NVD

Published: 2000-01-08

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.14217