• CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
File creation and deletion, and remote execution, in the BSD line printer daemon (lpd).
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
Assigning CNA
MITRE Corporation
Date Record Created
19990607 Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Proposed (19990630)
Votes (Legacy)
ACCEPT(3) Frech, Hill, Northcutt
RECAST(1) Baker
REVIEWING(1) Christey
Comments (Legacy)
 Christey> This should be split into three separate problems based on
   the SNI advisory.  But there's newer information to further
   complicate things.
   What do we do about this one?  in 1997 or so, SNI did an
   advisory on this problem.  In early 2000, it was still
   discovered to be present in some Linux systems.  So an 
   SF-DISCOVERY content decision might say that this is a
   long enough time between the two, so this should be recorded
   separately.  But they're the same codebase... so if we keep
   them in the same entry, how do we make sure that this entry
   reflects that some new information has been discovered?
   The use of dot notation may help in this regard, to use one
   dot for the original problem as discovered in 1997, and
   another dot for the resurgence of the problem in 2000.
 Baker> We should merge these.
 Christey> Perhaps this should be NAI-19 instead of NAI-20?
   The original Bugtraq post for the SNI advisory suggests SNI-19:
   BUGTRAQ:19971002 SNI-19:BSD lpd vulnerability
   URL:SNI-19:BSD lpd vulnerability
   Also add:
   BUGTRAQ:19971021 SNI-19: BSD lpd vulnerabilities (UPDATE)
   However, archives of "NAI-0020" point to the lpd vuln.
   If I recall correctly, some of the NAI advisory numbers got
   switched when NAI acquired SNI.

Proposed (Legacy)
This is a record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.