CVE-2000-0844

Current Description

Some functions that implement the locale subsystem on Unix do not properly cleanse user-injected format strings, which allows local attackers to execute arbitrary commands via functions such as gettext and catopen.

Referenced by CVEs: CVE-2000-1207

Basic Data

Published: November 14, 2000
Last Modified: October 30, 2018
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: CWE-264
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: LOW
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: COMPLETE
CVSS 2 - Availability Impact: COMPLETE
CVSS 2 - Base Score: 10.0
Severity: HIGH
Exploitability Score: 10.0
Impact Score: 10.0
Obtain All Privilege: true
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
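    Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding
    2.3 | Application | Caldera | Openlinux Ebuilder | 3.0 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Immunix | Immunix | 6.2 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Conectiva | Linux | 4.0 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Conectiva | Linux | 4.0es | * | * | * | * | * | * | * | | | |
    2.3 | OS | Conectiva | Linux | 4.1 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Conectiva | Linux | 4.2 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Conectiva | Linux | 5.0 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Conectiva | Linux | 5.1 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Sgi | Irix | 6.2 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Sgi | Irix | 6.3 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Sgi | Irix | 6.4 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Sgi | Irix | 6.5 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Sgi | Irix | 6.5.1 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Sgi | Irix | 6.5.2m | * | * | * | * | * | * | * | | | |
    2.3 | OS | Sgi | Irix | 6.5.3 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Sgi | Irix | 6.5.3f | * | * | * | * | * | * | * | | | |
    2.3 | OS | Sgi | Irix | 6.5.3m | * | * | * | * | * | * | * | | | |
    2.3 | OS | Sgi | Irix | 6.5.4 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Sgi | Irix | 6.5.6 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Sgi | Irix | 6.5.7 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Sgi | Irix | 6.5.8 | * | * | * | * | * | * | * | | | |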
  • OR - Configuration 2
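    Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding
    2.3 | OS | Caldera | Openlinux | * | * | * | * | * | * | * | * | | | |
    2.3 | OS | Caldera | Openlinux Eserver | 2.3 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Debian | Debian Linux | 2.0 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Debian | Debian Linux | 2.1 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Debian | Debian Linux | 2.2 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Debian | Debian Linux | 2.3 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Ibm | Aix | 3.2 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Ibm | Aix | 3.2.4 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Ibm | Aix | 3.2.5 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Ibm | Aix | 4.0 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Ibm | Aix | 4.1 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Ibm | Aix | 4.1.1 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Ibm | Aix | 4.1.2 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Ibm | Aix | 4.1.3 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Ibm | Aix | 4.1.4 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Ibm | Aix | 4.1.5 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Ibm | Aix | 4.2 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Ibm | Aix | 4.2.1 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Ibm | Aix | 4.3 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Ibm | Aix | 4.3.1 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Ibm | Aix | 4.3.2 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Mandrakesoft | Mandrake Linux | 7.0 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Mandrakesoft | Mandrake Linux | 7.1 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Redhat | Linux | 5.0 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Redhat | Linux | 5.1 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Redhat | Linux | 5.2 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Redhat | Linux | 6.0 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Redhat | Linux | 6.1 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Redhat | Linux | 6.2 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Slackware | Slackware Linux | 7.0 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Slackware | Slackware Linux | 7.1 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Sun | Solaris | 2.6 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Sun | Sunos | 5.0 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Sun | Sunos | 5.1 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Sun | Sunos | 5.2 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Sun | Sunos | 5.3 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Sun | Sunos | 5.4 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Sun | Sunos | 5.5 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Sun | Sunos | 5.5.1 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Sun | Sunos | 5.7 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Sun | Sunos | 5.8 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Suse | Suse Linux | 6.1 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Suse | Suse Linux | 6.2 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Suse | Suse Linux | 6.3 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Suse | Suse Linux | 6.4 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Suse | Suse Linux | 7.0 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Trustix | Secure Linux | 1.0 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Trustix | Secure Linux | 1.1 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Turbolinux | Turbolinux | 6.0 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Turbolinux | Turbolinux | 6.0.1 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Turbolinux | Turbolinux | 6.0.2 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Turbolinux | Turbolinux | 6.0.3 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Turbolinux | Turbolinux | 6.0.4 | * | * | * | * | * | * | * | | | |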

Vulnerable Software List

Vendor | Product | Versions
Debian | Debian Linux | 2.0, 2.1, 2.2, 2.3
Caldera | Openlinux Ebuilder | 3.0
Caldera | Openlinux | *
Caldera | Openlinux Eserver | 2.3
Slackware | Slackware Linux | 7.0, 7.1
Redhat | Linux | 5.0, 5.1, 5.2, 6.0, 6.1, 6.2
Conectiva | Linux | 4.0, 4.0es, 4.1, 4.2, 5.0, 5.1
Sgi | Irix | 6.2, 6.3, 6.4, 6.5, 6.5.1, 6.5.2m, 6.5.3, 6.5.3f, 6.5.3m, 6.5.4, 6.5.6, 6.5.7, 6.5.8
Turbolinux | Turbolinux | 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4
Ibm | Aix | 3.2, 3.2.4, 3.2.5, 4.0, 4.1, 4.1.1, 4.1.2, 4.1.3, 4.1.4, 4.1.5, 4.2, 4.2.1, 4.3, 4.3.1, 4.3.2
Sun | Solaris | 2.6
Sun | Sunos | 5.0, 5.1, 5.2, 5.3, 5.4, 5.5, 5.5.1, 5.7, 5.8
Trustix | Secure Linux | 1.0, 1.1
Suse | Suse Linux | 6.1, 6.2, 6.3, 6.4, 7.0
Immunix | Immunix | 6.2
Mandrakesoft | Mandrake Linux | 7.0, 7.1

References

Name | Source | URL | Tags
20000901-01-P | SGI | ftp://patches.sgi.com/support/free/security/advisories/20000901-01-P |
20000902 Conectiva Linux Security Announcement - glibc | BUGTRAQ | http://archives.neohapsis.com/archives/bugtraq/2000-08/0436.html |
20000904 UNIX locale format string vulnerability | BUGTRAQ | http://archives.neohapsis.com/archives/bugtraq/2000-08/0457.html | Exploit, Patch, Vendor Advisory
IY13753 | AIXAPAR | http://archives.neohapsis.com/archives/bugtraq/2000-10/0427.html |
SSRT0689U | COMPAQ | http://archives.neohapsis.com/archives/tru64/2000-q4/0000.html |
CSSA-2000-030.0 | CALDERA | http://www.calderasystems.com/support/security/advisories/CSSA-2000-030.0.txt |
20000902 glibc: local root exploit | DEBIAN | http://www.debian.org/security/2000/20000902 |
20000906 glibc locale security problem | SUSE | http://www.novell.com/linux/security/advisories/adv5_draht_glibc_txt.html |
RHSA-2000:057 | REDHAT | http://www.redhat.com/support/errata/RHSA-2000-057.html |
1634 | BID | http://www.securityfocus.com/bid/1634 | Exploit, Patch, Vendor Advisory
TLSA2000020-1 | TURBO | http://www.turbolinux.com/pipermail/tl-security-announce/2000-September/000020.html |
unix-locale-format-string(5176) | XF | https://exchange.xforce.ibmcloud.com/vulnerabilities/5176 |