CVE Vulnerabilities

CVE-2000-0993

Published: Dec 19, 2000 | Modified: Oct 10, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.2 HIGH
AV:L/AC:L/Au:N/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu

Format string vulnerability in pw_error function in BSD libutil library allows local users to gain root privileges via a malformed password in commands such as chpass or passwd.

Affected Software

Name Vendor Start Version End Version
Freebsd Freebsd 3.2 3.2
Freebsd Freebsd 3.3 3.3
Freebsd Freebsd 3.4 3.4
Freebsd Freebsd 3.5 3.5
Freebsd Freebsd 4.0 4.0
Netbsd Netbsd 1.4 1.4
Netbsd Netbsd 1.4.1 1.4.1
Netbsd Netbsd 1.4.2 1.4.2
Openbsd Openbsd 2.3 2.3
Openbsd Openbsd 2.4 2.4
Openbsd Openbsd 2.5 2.5
Openbsd Openbsd 2.6 2.6
Openbsd Openbsd 2.7 2.7

References