CVE Vulnerabilities

CVE-2000-0844

Published: Nov 14, 2000 | Modified: Oct 30, 2018
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
10 HIGH
AV:N/AC:L/Au:N/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu

Some functions that implement the locale subsystem on Unix do not properly cleanse user-injected format strings, which allows local attackers to execute arbitrary commands via functions such as gettext and catopen.

Affected Software

Name Vendor Start Version End Version
Openlinux_ebuilder Caldera 3.0 3.0
Immunix Immunix 6.2 6.2
Linux Conectiva 4.0 4.0
Linux Conectiva 4.0es 4.0es
Linux Conectiva 4.1 4.1
Linux Conectiva 4.2 4.2
Linux Conectiva 5.0 5.0
Linux Conectiva 5.1 5.1
Irix Sgi 6.2 6.2
Irix Sgi 6.3 6.3
Irix Sgi 6.4 6.4
Irix Sgi 6.5 6.5
Irix Sgi 6.5.1 6.5.1
Irix Sgi 6.5.2m 6.5.2m
Irix Sgi 6.5.3 6.5.3
Irix Sgi 6.5.3f 6.5.3f
Irix Sgi 6.5.3m 6.5.3m
Irix Sgi 6.5.4 6.5.4
Irix Sgi 6.5.6 6.5.6
Irix Sgi 6.5.7 6.5.7
Irix Sgi 6.5.8 6.5.8

References