[VIM] lpr overflow - multiple cve/osvdb?

security curmudgeon jericho at attrition.org
Sun Jun 5 02:59:43 EDT 2005


CVE-1999-0335
Buffer overflow in BSD and linux lpr command allows local users to execute 
commands as root through the classification option.
XF:lpr-bsd-lprbo

CVE-1999-0032
Buffer overflow in BSD-based lpr package allows local users to gain root 
privileges.
CERT:CA-97.19.bsdlp
AUSCERT:AA-96.12
CIAC:I-042
SGI:19980402-01-PX
XF:bsd-lprbo2
XF:bsd-lprbo
XF:lpr-bo


bsd-lprbo (409)
refs to: CVE-1999-0032 and CVE-1999-0335
http://archives.neohapsis.com/archives/bugtraq/1996_4/0151.html
1996-08-01

lpr-bo (843)
refs to: CVE-1999-0032
(no date)

The mail list attached to ISS 409 is 1996-10-25, -C option exploit.

This is currently OSVDB 1105 and 11499 (one for each cve), both NEW 
status.

--

As best I can tell, these are the same vuln based on the inbreeding of 
ext-refs, the approx dates, and nothing (obvious) to suggest there is a 
second parameter or method for exploiting.




More information about the VIM mailing list