CVE-1999-0032

Description

Buffer overflow in lpr, as used in BSD-based systems including Linux, allows local users to execute arbitrary code as root via a long -C (classification) command line option.

Affected products

• bsdi / bsd_os2.1 – 2.1
• FreeBSD / FreeBSD2.0 – 2.0
• FreeBSD / FreeBSD2.0.5 – 2.0.5
• FreeBSD / FreeBSD2.1.0 – 2.1.0
• FreeBSD / FreeBSD2.1.5 – 2.1.5
• next / nextstep4.0 – 4.0
• next / nextstep4.1 – 4.1
• sgi / irix6.0.1 – 6.0.1
• sgi / irix6.1 – 6.1
• sgi / irix6.2 – 6.2
• sgi / irix6.3 – 6.3
• sgi / irix6.4 – 6.4
• sgi / irix5.0 – 5.0
• sgi / irix5.0.1 – 5.0.1
• sgi / irix5.1 – 5.1
• sgi / irix5.1.1 – 5.1.1
• sgi / irix5.2 – 5.2
• sgi / irix5.3 – 5.3
• sgi / irix6.0 – 6.0
• sun / sunos4.1.3u1 – 4.1.3u1
• sun / sunos4.1.4 – 4.1.4

References

• VENDOR_ADVISORYftp://patches.sgi.com/support/free/security/advisories/19980402-01-PX
• MISChttp://www.securityfocus.com/bid/707
• MISChttp://www.ciac.org/ciac/bulletins/i-042.shtml