Format String Vulnerability in BSD Libutil Library Affecting Local Users
CVE-2000-0993

Currently unrated

Key Information:

Vendor: Netbsd
Status: Netbsd; OpenBSD; FreeBSD
Vendor: CVE Published:; 19 December 2000

What is CVE-2000-0993?

The pw_error function within the BSD libutil library is susceptible to a format string vulnerability, enabling local users to escalate their privileges to root. By exploiting this flaw through malformed inputs in password-related commands, such as 'chpass' or 'passwd', attackers can manipulate the execution flow, potentially compromising system security.

References

http://marc.info/?l=bugtraq&m=97068555106135&w=2

mailing-listx_refsource_BUGTRAQ

http://www.securityfocus.com/bid/1744

vdb-entryx_refsource_BID

http://www.openbsd.org/errata27.html#pw_error

vendor-advisoryx_refsource_OPENBSD

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 19, 2000
Vulnerability Reserved
Nov 24, 2000

CVE-2000-0993 Data

JSON

Netbsd

What is CVE-2000-0993?

References

Timeline