CVE Catalog

CVE-1999-1102

Low
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.44%

35th percentile — higher than 35% of all known CVEs

Summary

The vulnerability in lpr on SunOS 4.1.1, BSD 4.3, A/UX 2.0.1, and other BSD-based operating systems allows local users to create or overwrite arbitrary files via a symlink attack triggered after invoking lpr 1000 times.

Risk Assessment

An attacker could exploit this vulnerability to manipulate system files, potentially leading to data loss or system integrity breaches.

Recommendation

It is recommended to restrict access to the lpr command for local users and to monitor its usage to detect potential attacks.

Original NVD description (English source)

lpr on SunOS 4.1.1, BSD 4.3, A/UX 2.0.1, and other BSD-based operating systems allows local users to create or overwrite arbitrary files via a symlink attack that is triggered after invoking lpr 1000 times.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS