Vulnerability Description
userhelper in the usermode package on Red Hat Linux executes non-setuid programs as root, which does not activate the security measures in glibc and allows the programs to be exploited via format string vulnerabilities in glibc via the LANG or LC_ALL environment variables (CVE-2000-0844).
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Redhat | Linux | All versions |
References
- http://marc.info/?l=bugtraq&m=97034397026473&w=2
- http://marc.info/?l=bugtraq&m=97063854808796&w=2
- http://www.linux-mandrake.com/en/security/2000/MDKSA-2000-059.php3Vendor Advisory
- http://www.redhat.com/support/errata/RHSA-2000-075.htmlPatchVendor Advisory
- http://marc.info/?l=bugtraq&m=97034397026473&w=2
- http://marc.info/?l=bugtraq&m=97063854808796&w=2
- http://www.linux-mandrake.com/en/security/2000/MDKSA-2000-059.php3Vendor Advisory
- http://www.redhat.com/support/errata/RHSA-2000-075.htmlPatchVendor Advisory
FAQ
What is CVE-2000-1207?
CVE-2000-1207 is a vulnerability with a CVSS score of 7.2 (HIGH). userhelper in the usermode package on Red Hat Linux executes non-setuid programs as root, which does not activate the security measures in glibc and allows the programs to be exploited via format stri...
How severe is CVE-2000-1207?
CVE-2000-1207 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2000-1207?
Check the references section above for vendor advisories and patch information. Affected products include: Redhat Linux.