CVE-2000-1221
Description
lpd in the lpr package authenticates using hostname comparison, enabling DNS spoofing attacks to bypass access controls.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
The line printer daemon (lpd) in the lpr package shipped with multiple Linux distributions authenticates by comparing the reverse-resolved hostname of the connecting machine to the hostname of the print server as returned by gethostname. This flawed authentication mechanism is referenced in [1]. Affected versions include those distributed with various Linux systems at the time (circa 2000).
Exploitation
An attacker must be able to control the DNS resolution for their own attacking IP address so that the reverse-DNS lookup of that IP returns the hostname of the target print server. When the attacker connects to lpd, the daemon performs a reverse lookup on the attacker's IP and compares it to the server's own hostname. If they match, access is granted. No additional authentication or user interaction is required beyond the ability to modify DNS records for the attacker's address [1].
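The comparison described above, reduced to its logic and placed beside a forward-confirmed reverse DNS variant. This is an added example, not lpd source and not the vendor patches; the resolver tables, addresses, hostnames and function names are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Constructed resolver data standing in for DNS (documentation addresses). */
struct rec { const char *ip; const char *name; };

/* PTR records: published by whoever controls the reverse zone of each IP. */
static const struct rec ptr_zone[] = {
    { "192.0.2.10",   "printhost.example.com" },  /* the print server itself */
    { "203.0.113.66", "printhost.example.com" },  /* foreign IP, spoofed PTR */
};
/* A records: published only by the owner of example.com. */
static const struct rec a_zone[] = {
    { "192.0.2.10", "printhost.example.com" },
};

static const char *reverse_lookup(const char *ip) {
    for (size_t i = 0; i < sizeof ptr_zone / sizeof *ptr_zone; i++)
        if (strcmp(ptr_zone[i].ip, ip) == 0) return ptr_zone[i].name;
    return NULL;
}

static int forward_has_addr(const char *name, const char *ip) {
    for (size_t i = 0; i < sizeof a_zone / sizeof *a_zone; i++)
        if (strcasecmp(a_zone[i].name, name) == 0 &&
            strcmp(a_zone[i].ip, ip) == 0) return 1;
    return 0;
}

/* Flawed check as the page describes it: the PTR name alone decides. */
int allow_by_ptr_name(const char *peer_ip, const char *my_hostname) {
    const char *name = reverse_lookup(peer_ip);
    return name != NULL && strcasecmp(name, my_hostname) == 0;
}

/* Hardened: the PTR name must also resolve forward to the peer's address. */
int allow_forward_confirmed(const char *peer_ip, const char *my_hostname) {
    const char *name = reverse_lookup(peer_ip);
    if (name == NULL || strcasecmp(name, my_hostname) != 0) return 0;
    return forward_has_addr(name, peer_ip);
}

int main(void) {
    const char *me = "printhost.example.com", *peer = "203.0.113.66";
    printf("PTR-only: %d\n", allow_by_ptr_name(peer, me));
    printf("forward-confirmed: %d\n", allow_forward_confirmed(peer, me));
    return 0;
}
```

The forward lookup moves the trust decision to the zone the server's owner controls, so a PTR record published for a foreign address no longer satisfies the check.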
Impact
A remote, unauthenticated attacker who can control DNS resolution for their IP can gain unauthorized access to the lpd server. This can lead to unauthorized printing or, when combined with other vulnerabilities (e.g., VU#39001), potential privilege escalation or further compromise of the print server or network [1].
Mitigation
Vendors (such as Red Hat and Debian) released patches to correct the authentication method. The CERT/CC recommends applying the patches provided by the respective vendor [1]. No widespread workaround other than patching is documented; users should ensure their lpr package is updated to a fixed version.
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- cpe:2.3:o:debian:debian_linux:2.1:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:linux:4.1:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:linux:4.2:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:linux:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:linux:5.2:*:i386:*:*:*:*:*
- cpe:2.3:o:redhat:linux:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:linux:6.1:*:i386:*:*:*:*:*
- cpe:2.3:o:sgi:irix:6.5:*:*:*:*:*:*:*
- cpe:2.3:o:sgi:irix:6.5.1:*:*:*:*:*:*:*
- cpe:2.3:o:sgi:irix:6.5.10:*:*:*:*:*:*:*
- cpe:2.3:o:sgi:irix:6.5.11:*:*:*:*:*:*:*
- cpe:2.3:o:sgi:irix:6.5.12:*:*:*:*:*:*:*
- cpe:2.3:o:sgi:irix:6.5.13:*:*:*:*:*:*:*
- cpe:2.3:o:sgi:irix:6.5.14f:*:*:*:*:*:*:*
- cpe:2.3:o:sgi:irix:6.5.14m:*:*:*:*:*:*:*
- cpe:2.3:o:sgi:irix:6.5.15f:*:*:*:*:*:*:*
- cpe:2.3:o:sgi:irix:6.5.15m:*:*:*:*:*:*:*
- cpe:2.3:o:sgi:irix:6.5.16f:*:*:*:*:*:*:*
- cpe:2.3:o:sgi:irix:6.5.16m:*:*:*:*:*:*:*
- cpe:2.3:o:sgi:irix:6.5.17f:*:*:*:*:*:*:*
- cpe:2.3:o:sgi:irix:6.5.17m:*:*:*:*:*:*:*
- cpe:2.3:o:sgi:irix:6.5.18f:*:*:*:*:*:*:*
- cpe:2.3:o:sgi:irix:6.5.18m:*:*:*:*:*:*:*
- cpe:2.3:o:sgi:irix:6.5.2:*:*:*:*:*:*:*
- cpe:2.3:o:sgi:irix:6.5.3:*:*:*:*:*:*:*
- cpe:2.3:o:sgi:irix:6.5.4:*:*:*:*:*:*:*
- cpe:2.3:o:sgi:irix:6.5.5:*:*:*:*:*:*:*
- cpe:2.3:o:sgi:irix:6.5.6:*:*:*:*:*:*:*
- cpe:2.3:o:sgi:irix:6.5.7:*:*:*:*:*:*:*
- cpe:2.3:o:sgi:irix:6.5.8:*:*:*:*:*:*:*
- cpe:2.3:o:sgi:irix:6.5.9:*:*:*:*:*:*:*
References
- patches.sgi.com/support/free/security/advisories/20021104-01-P (nvd, Patch)
- www.debian.org/security/2000/20000109 (nvd, Patch)
- www.kb.cert.org/vuls/id/30308 (nvd, US Government Resource)
- rhn.redhat.com/errata/RHSA-2000-002.html (nvd)
- www.atstake.com/research/advisories/2000/lpd_advisory.txt (nvd)
- www.l0pht.com/advisories/lpd_advisory (nvd)
- www.securityfocus.com/bid/927 (nvd)
- exchange.xforce.ibmcloud.com/vulnerabilities/3840 (nvd)