CVE-ID

CVE-1999-0061

• Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings
Description
File creation and deletion, and remote execution, in the BSD line printer daemon (lpd).
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
  • NAI:NAI-20
  • XF:bsd-lpd
Date Entry Created
19990607 Disclaimer: The entry creation date may reflect when the CVE-ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Proposed (19990630)
Votes (Legacy)
ACCEPT(3) Frech, Hill, Northcutt
RECAST(1) Baker
REVIEWING(1) Christey
Comments (Legacy)
 Christey> This should be split into three separate problems based on
   the SNI advisory.  But there's newer information to further
   complicate things.
   
   What do we do about this one?  in 1997 or so, SNI did an
   advisory on this problem.  In early 2000, it was still
   discovered to be present in some Linux systems.  So an 
   SF-DISCOVERY content decision might say that this is a
   long enough time between the two, so this should be recorded
   separately.  But they're the same codebase... so if we keep
   them in the same entry, how do we make sure that this entry
   reflects that some new information has been discovered?
   
   The use of dot notation may help in this regard, to use one
   dot for the original problem as discovered in 1997, and
   another dot for the resurgence of the problem in 2000.
 Baker> We should merge these.
 Christey> Perhaps this should be NAI-19 instead of NAI-20?
   The original Bugtraq post for the SNI advisory suggests SNI-19:
   BUGTRAQ:19971002 SNI-19:BSD lpd vulnerability
   URL:SNI-19:BSD lpd vulnerability
   
   Also add:
   BUGTRAQ:19971021 SNI-19: BSD lpd vulnerabilities (UPDATE)
   URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87747479514310&w=2
   
   However, archives of "NAI-0020" point to the lpd vuln.
   
   If I recall correctly, some of the NAI advisory numbers got
   switched when NAI acquired SNI.

Proposed (Legacy)
19990630
This is an entry on the CVE list, which standardizes names for security problems.