1. CVE-Search
  2. CVE-2000-0867
ID CVE-2000-0867
Summary Kernel logging daemon (klogd) in Linux does not properly cleanse user-injected format strings, which allows local users to gain root privileges by triggering malformed kernel messages.
References
Vulnerable Configurations
  • cpe:2.3:o:debian:debian_linux:2.1:*:slink:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:2.1:*:slink:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:2.2:*:potato:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:2.2:*:potato:*:*:*:*:*
  • cpe:2.3:o:mandrakesoft:mandrake_linux:6.0:*:*:*:*:*:*:*
    cpe:2.3:o:mandrakesoft:mandrake_linux:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:mandrakesoft:mandrake_linux:6.1:*:*:*:*:*:*:*
    cpe:2.3:o:mandrakesoft:mandrake_linux:6.1:*:*:*:*:*:*:*
  • cpe:2.3:o:mandrakesoft:mandrake_linux:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:mandrakesoft:mandrake_linux:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:mandrakesoft:mandrake_linux:7.1:*:*:*:*:*:*:*
    cpe:2.3:o:mandrakesoft:mandrake_linux:7.1:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:linux:5.2:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:linux:5.2:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:linux:6.2:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:linux:6.2:*:*:*:*:*:*:*
  • cpe:2.3:o:slackware:slackware_linux:*:*:*:*:*:*:*:*
    cpe:2.3:o:slackware:slackware_linux:*:*:*:*:*:*:*:*
  • cpe:2.3:o:trustix:secure_linux:1.1:*:*:*:*:*:*:*
    cpe:2.3:o:trustix:secure_linux:1.1:*:*:*:*:*:*:*
CVSS
Base: 7.2 (as of 03-05-2018 - 01:29)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:L/AC:L/Au:N/C:C/I:C/A:C
redhat via4
advisories
rhsa
id RHSA-2000:061
refmap via4
bugtraq
  • 20000917 klogd format bug
  • 20000918 Conectiva Linux Security Announcement - sysklogd
caldera CSSA-2000-032.0
debian 20000919
mandrake MDKSA-2000:050
osvdb 5824
suse 20000920 syslogd + klogd format string parsing error
turbo TLSA2000022-2
xf klogd-format-string(5259)
Last major update 03-05-2018 - 01:29
Published 14-11-2000 - 05:00
Last modified 03-05-2018 - 01:29
Back to Top