CVE-2003-0144

high

Description

Buffer overflow in the lprm command in the lprold lpr package on SuSE 7.1 through 7.3, OpenBSD 3.2 and earlier, and possibly other operating systems, allows local users to gain root privileges via long command line arguments such as (1) request ID or (2) user name.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/11473

http://www.novell.com/linux/security/advisories/2003_014_lprold.html

http://www.mandriva.com/security/advisories?name=MDKSA-2003:059

http://www.debian.org/security/2003/dsa-275

http://www.debian.org/security/2003/dsa-267

http://secunia.com/advisories/8293

http://marc.info/?l=bugtraq&m=104714441925019&w=2

http://marc.info/?l=bugtraq&m=104690434504429&w=2

Details

Source: Mitre, NVD

Published: 2003-03-31

Updated: 2025-04-03

Risk Information

CVSS v2

Base Score: 7.2

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.0025