Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2000-0844

Overview
Vulnerability Score 10.0 10.0
CVE Id CVE-2000-0844
Last Modified 20 Jan 2009 12:00:00
Published 14 Nov 2000 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2000-0844

Summary

Some functions that implement the locale subsystem on Unix do not properly cleanse user-injected format strings, which allows local attackers to execute arbitrary commands via functions such as gettext and catopen.

Vulnerable Systems

Operating System

  • Caldera Openlinux

  • Caldera Openlinux Eserver 2.3

  • Conectiva Linux 4.0

  • Conectiva Linux 4.0es

  • Conectiva Linux 4.1

  • Conectiva Linux 4.2

  • Conectiva Linux 5.0

  • Conectiva Linux 5.1

  • Debian Linux 2.0

  • Debian Linux 2.1

  • Debian Linux 2.2

  • Debian Linux 2.3

  • Ibm Aix 3.2

  • Ibm Aix 3.2.4

  • Ibm Aix 3.2.5

  • Ibm Aix 4.0

  • Ibm Aix 4.1

  • Ibm Aix 4.1.1

  • Ibm Aix 4.1.2

  • Ibm Aix 4.1.3

  • Ibm Aix 4.1.4

  • Ibm Aix 4.1.5

  • Ibm Aix 4.2

  • Ibm Aix 4.2.1

  • Ibm Aix 4.3

  • Ibm Aix 4.3.1

  • Ibm Aix 4.3.2

  • Mandrakesoft Mandrake Linux 7.0

  • Mandrakesoft Mandrake Linux 7.1

  • Redhat Linux 5.0

  • Redhat Linux 5.1

  • Redhat Linux 5.2

  • Redhat Linux 6.0

  • Redhat Linux 6.1

  • Redhat Linux 6.2

  • Sgi Irix 6.2

  • Sgi Irix 6.3

  • Sgi Irix 6.4

  • Sgi Irix 6.5

  • Sgi Irix 6.5.1

  • Sgi Irix 6.5.2m

  • Sgi Irix 6.5.3

  • Sgi Irix 6.5.3f

  • Sgi Irix 6.5.3m

  • Sgi Irix 6.5.4

  • Sgi Irix 6.5.6

  • Sgi Irix 6.5.7

  • Sgi Irix 6.5.8

  • Slackware Linux 7.0

  • Slackware Linux 7.1

  • Sun Solaris 2.0

  • Sun Solaris 2.1

  • Sun Solaris 2.2

  • Sun Solaris 2.3

  • Sun Solaris 2.4

  • Sun Solaris 2.5

  • Sun Solaris 2.5.1

  • Sun Solaris 2.6

  • Sun Solaris 7.0

  • Sun Solaris 8.0

  • Suse Linux 6.1

  • Suse Linux 6.2

  • Suse Linux 6.3

  • Suse Linux 6.4

  • Suse Linux 7.0

  • Trustix Secure Linux 1.0

  • Trustix Secure Linux 1.1

  • Turbolinux 6.0

  • Turbolinux 6.0.1

  • Turbolinux 6.0.2

  • Turbolinux 6.0.3

  • Turbolinux 6.0.4

Application

  • Caldera Openlinux Ebuilder 3.0

  • Immunix 6.2


References

BID - 1634

BUGTRAQ - 20000904 UNIX locale format string vulnerability

XF - unix-locale-format-string(5176)

REDHAT - RHSA-2000:057

SUSE - 20000906 glibc locale security problem

DEBIAN - 20000902 glibc: local root exploit

CALDERA - CSSA-2000-030.0

COMPAQ - SSRT0689U

AIXAPAR - IY13753

BUGTRAQ - 20000902 Conectiva Linux Security Announcement - glibc

SGI - 20000901-01-P

IT Risk Posture:

Learn More
divider


Vulnerabilities

Patches

News


Free Risk Assessment Tools

Application Scanner
Find vulnerabilities on your network.

divider

Device Scanner
Find vulnerabilities on your network.

divider

Patch Scanner
Find vulnerabilities on your network.

Last Updated: 27 May 2016 10:35:54