10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.011 Low
EPSS
Percentile
84.1%
The line printer daemon (lpd) in the lpr package in multiple Linux operating systems allows local users to gain root privileges by causing sendmail to execute with arbitrary command line arguments, as demonstrated using the -C option to specify a configuration file.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | lpr | < 1:0.48-1 | lpr_1:0.48-1_all.deb |
Debian | 11 | all | lpr | < 1:0.48-1 | lpr_1:0.48-1_all.deb |
Debian | 10 | all | lpr | < 1:0.48-1 | lpr_1:0.48-1_all.deb |
Debian | 999 | all | lpr | < 1:0.48-1 | lpr_1:0.48-1_all.deb |
Debian | 13 | all | lpr | < 1:0.48-1 | lpr_1:0.48-1_all.deb |