Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2000-0844

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2000-0844
Last Modified 20 Jan 2009 12:00:00
Published 14 Nov 2000 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2000-0844

Summary

Some functions that implement the locale subsystem on Unix do not properly cleanse user-injected format strings, which allows local attackers to execute arbitrary commands via functions such as gettext and catopen.

Vulnerable Systems

Operating System

  • Caldera Openlinux

  • Caldera Openlinux Eserver 2.3

  • Conectiva Linux 4.0

  • Conectiva Linux 4.0es

  • Conectiva Linux 4.1

  • Conectiva Linux 4.2

  • Conectiva Linux 5.0

  • Conectiva Linux 5.1

  • Debian Linux 2.0

  • Debian Linux 2.1

  • Debian Linux 2.2

  • Debian Linux 2.3

  • Ibm Aix 3.2

  • Ibm Aix 3.2.4

  • Ibm Aix 3.2.5

  • Ibm Aix 4.0

  • Ibm Aix 4.1

  • Ibm Aix 4.1.1

  • Ibm Aix 4.1.2

  • Ibm Aix 4.1.3

  • Ibm Aix 4.1.4

  • Ibm Aix 4.1.5

  • Ibm Aix 4.2

  • Ibm Aix 4.2.1

  • Ibm Aix 4.3

  • Ibm Aix 4.3.1

  • Ibm Aix 4.3.2

  • Mandrakesoft Mandrake Linux 7.0

  • Mandrakesoft Mandrake Linux 7.1

  • Redhat Linux 5.0

  • Redhat Linux 5.1

  • Redhat Linux 5.2

  • Redhat Linux 6.0

  • Redhat Linux 6.1

  • Redhat Linux 6.2

  • Sgi Irix 6.2

  • Sgi Irix 6.3

  • Sgi Irix 6.4

  • Sgi Irix 6.5

  • Sgi Irix 6.5.1

  • Sgi Irix 6.5.2m

  • Sgi Irix 6.5.3

  • Sgi Irix 6.5.3f

  • Sgi Irix 6.5.3m

  • Sgi Irix 6.5.4

  • Sgi Irix 6.5.6

  • Sgi Irix 6.5.7

  • Sgi Irix 6.5.8

  • Slackware Linux 7.0

  • Slackware Linux 7.1

  • Sun Solaris 2.0

  • Sun Solaris 2.1

  • Sun Solaris 2.2

  • Sun Solaris 2.3

  • Sun Solaris 2.4

  • Sun Solaris 2.5

  • Sun Solaris 2.5.1

  • Sun Solaris 2.6

  • Sun Solaris 7.0

  • Sun Solaris 8.0

  • Suse Linux 6.1

  • Suse Linux 6.2

  • Suse Linux 6.3

  • Suse Linux 6.4

  • Suse Linux 7.0

  • Trustix Secure Linux 1.0

  • Trustix Secure Linux 1.1

  • Turbolinux 6.0

  • Turbolinux 6.0.1

  • Turbolinux 6.0.2

  • Turbolinux 6.0.3

  • Turbolinux 6.0.4

Application

  • Caldera Openlinux Ebuilder 3.0

  • Immunix 6.2


References

BID - 1634

BUGTRAQ - 20000904 UNIX locale format string vulnerability

XF - unix-locale-format-string(5176)

REDHAT - RHSA-2000:057

SUSE - 20000906 glibc locale security problem

DEBIAN - 20000902 glibc: local root exploit

CALDERA - CSSA-2000-030.0

COMPAQ - SSRT0689U

AIXAPAR - IY13753

BUGTRAQ - 20000902 Conectiva Linux Security Announcement - glibc

SGI - 20000901-01-P


Last Updated: 27 May 2016 10:35:54