Vulnerability Description
Format string vulnerability in pw_error function in BSD libutil library allows local users to gain root privileges via a malformed password in commands such as chpass or passwd.
CVSS Score
7.2 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| FreeBSD | FreeBSD | 3.2 |
| NetBSD | NetBSD | 1.4 |
| OpenBSD | OpenBSD | 2.3 |
References
- ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:58.chpass.asc
- ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-015.txt.a
- http://marc.info/?l=bugtraq&m=97068555106135&w=2
- http://www.openbsd.org/errata27.html#pw_error
- http://www.securityfocus.com/bid/1744 (Exploit, Patch, Vendor Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/5339
FAQ
What is CVE-2000-0993?
CVE-2000-0993 is a vulnerability with a CVSS score of 7.2 (HIGH). Format string vulnerability in pw_error function in BSD libutil library allows local users to gain root privileges via a malformed password in commands such as chpass or passwd.
How severe is CVE-2000-0993?
CVE-2000-0993 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2000-0993?
Check the references section above for vendor advisories and patch information. Affected products include FreeBSD, NetBSD, and OpenBSD.