Claes Nyberg

**Name of the Vulnerable Software and Affected Versions** lprold lpr package versions 7.1 through 7.3 OpenBSD versions 3.2 and earlier Debian GNU/Linux (affected versions not specified) lpr-ppd package (affected versions not specified) **Description** The issue allows local users to gain root privileges via long command line arguments, such as request ID or user name, potentially leading to disruption of confidentiality, integrity, and availability of protected information. The exploitation can be carried out by a local attacker. **Recommendations** For lprold lpr package versions 7.1 through 7.3, consider disabling the lprm command until a patch is available. For OpenBSD versions 3.2 and earlier, restrict access to the lprm command to minimize the risk of exploitation. For Debian GNU/Linux and lpr-ppd package, at the moment, there is no information about a newer version that contains a fix for this vulnerability.