Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.2
CVE Id CVE-2000-0867
Last Modified 10 Sep 2008 03:06:01
Published 14 Nov 2000 12:00:00
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2000-0867

Summary

Kernel logging daemon (klogd) in Linux does not properly cleanse user-injected format strings, which allows local users to gain root privileges by triggering malformed kernel messages.

Vulnerable Systems

Operating System

  • Debian Linux 2.1

  • Debian Linux 2.2

  • Mandrakesoft Mandrake Linux 6.0

  • Mandrakesoft Mandrake Linux 6.1

  • Mandrakesoft Mandrake Linux 7.0

  • Mandrakesoft Mandrake Linux 7.1

  • Redhat Linux 5.2

  • Redhat Linux 6.2

  • Slackware Linux

  • Trustix Secure Linux 1.1


References

XF - klogd-format-string

BUGTRAQ - 20000917 klogd format bug

TURBO - TLSA2000022-2

REDHAT - RHSA-2000:061

OSVDB - 5824

SUSE - 20000920 syslogd + klogd format string parsing error

BUGTRAQ - 20000918 Conectiva Linux Security Announcement - sysklogd

MANDRAKE - MDKSA-2000:050

CALDERA - CSSA-2000-032.0


Last Updated: 27 May 2016 10:35:54