Lucene search

[email protected]CVE-2000-0880

HistoryNov 14, 2000 - 5:00 a.m.

CVE-2000-0880

2000-11-1405:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2000-0880

lpplus

local attack

world-writeable permissions

process termination

setuid

dcclpdshut

nvd

7.2 High

AI Score

Confidence

Low

3.6 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:P/A:P

0.0004 Low

EPSS

Percentile

0.4%

JSON

LPPlus creates the lpdprocess file with world-writeable permissions, which allows local users to kill arbitrary processes by specifying an alternate process ID and using the setuid dcclpdshut program to kill the process that was specified in the lpdprocess file.

CPENameOperatorVersion
plus_technologies:lpplusplus technologies lppluseq3.3
plus_technologies:lpplusplus technologies lppluseq3.2.2

CPE	Name	Operator	Version
plus_technologies:lpplus	plus technologies lpplus	eq	3.3
plus_technologies:lpplus	plus technologies lpplus	eq	3.2.2

References

archives.neohapsis.com/archives/bugtraq/2000-08/0531.html

www.securityfocus.com/bid/1643

exchange.xforce.ibmcloud.com/vulnerabilities/5200

7.2 High

AI Score

Confidence

Low

3.6 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:P/A:P

0.0004 Low

EPSS

Percentile

0.4%

JSON