CVE-2000-0993

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2000-0993
Format string vulnerability in pw_error function in BSD libutil library allows local users to gain root privileges via a malformed password in commands such as chpass or passwd.

7.2 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:58.chpass.asc
ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-015.txt.asc
http://marc.info/?l=bugtraq&m=97068555106135&w=2
http://www.openbsd.org/errata27.html#pw_error
http://www.securityfocus.com/bid/1744 Exploit Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/5339
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:58.chpass.asc
ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-015.txt.asc
http://marc.info/?l=bugtraq&m=97068555106135&w=2
http://www.openbsd.org/errata27.html#pw_error
http://www.securityfocus.com/bid/1744 Exploit Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/5339
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:freebsd:freebsd:3.2:*:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:3.3:*:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:3.4:*:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:3.5:*:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:4.0:*:*:*:*:*:*:*
cpe:2.3:o:netbsd:netbsd:1.4:*:*:*:*:*:*:*
cpe:2.3:o:netbsd:netbsd:1.4.1:*:*:*:*:*:*:*
cpe:2.3:o:netbsd:netbsd:1.4.2:*:*:*:*:*:*:*
cpe:2.3:o:openbsd:openbsd:2.3:*:*:*:*:*:*:*
cpe:2.3:o:openbsd:openbsd:2.4:*:*:*:*:*:*:*
cpe:2.3:o:openbsd:openbsd:2.5:*:*:*:*:*:*:*
cpe:2.3:o:openbsd:openbsd:2.6:*:*:*:*:*:*:*
cpe:2.3:o:openbsd:openbsd:2.7:*:*:*:*:*:*:*
History

20 Nov 2024, 23:33

Type Values Removed Values Added
References () ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:58.chpass.asc - () ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:58.chpass.asc -
References () ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-015.txt.asc - () ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-015.txt.asc -
References () http://marc.info/?l=bugtraq&m=97068555106135&w=2 - () http://marc.info/?l=bugtraq&m=97068555106135&w=2 -
References () http://www.openbsd.org/errata27.html#pw_error - () http://www.openbsd.org/errata27.html#pw_error -
References () http://www.securityfocus.com/bid/1744 - Exploit, Patch, Vendor Advisory () http://www.securityfocus.com/bid/1744 - Exploit, Patch, Vendor Advisory
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/5339 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/5339 -
Information

Published : 2000-12-19 05:00

Updated : 2025-04-03 01:03

NVD link : CVE-2000-0993

Mitre link : CVE-2000-0993

CVE.ORG link : CVE-2000-0993

JSON object : View

Products Affected

netbsd

  • netbsd

openbsd

  • openbsd

freebsd

  • freebsd
CWE
NVD-CWE-Other