Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2000-0994

Overview

Vulnerability Score 7.2 7.2
CVE Id CVE-2000-0994
Last Modified 05 Sep 2008 04:22:23
Published 19 Dec 2000 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2000-0994

Summary

Format string vulnerability in OpenBSD fstat program (and possibly other BSD-based operating systems) allows local users to gain root privileges via the PWD environmental variable.

Vulnerable Systems

Operating System

  • Openbsd 2.3

  • Openbsd 2.4

  • Openbsd 2.5

  • Openbsd 2.6

  • Openbsd 2.7


References

XF - bsd-fstat-format

MISC - ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.7/common/028_format_strings.patch

BID - 1746

BUGTRAQ - 20001004 Re: OpenBSD Security Advisory


Last Updated: 27 May 2016 10:35:58