Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2000-0993

Overview

Vulnerability Score 7.2 7.2
CVE Id CVE-2000-0993
Last Modified 05 Sep 2008 04:22:23
Published 19 Dec 2000 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2000-0993

Summary

Format string vulnerability in pw_error function in BSD libutil library allows local users to gain root privileges via a malformed password in commands such as chpass or passwd.

Vulnerable Systems

Operating System

  • Freebsd 3.2

  • Freebsd 3.3

  • Freebsd 3.4

  • Freebsd 3.5

  • Freebsd 4.0

  • Netbsd 1.4

  • Netbsd 1.4.1

  • Netbsd 1.4.2

  • Openbsd 2.3

  • Openbsd 2.4

  • Openbsd 2.5

  • Openbsd 2.6

  • Openbsd 2.7


References

XF - bsd-libutil-format

BID - 1744

OPENBSD - 20001003 A format string vulnerability exists in the pw_error(3) function.

BUGTRAQ - 20001004 Re: OpenBSD Security Advisory

NETBSD - NetBSD-SA2000-015

FREEBSD - FreeBSD-SA-00:58


Last Updated: 27 May 2016 10:35:58