Vulnerabilites related to caldera - openlinux_ebuilder
cve-2000-0594
Vulnerability from cvelistv5
Published
2000-10-13 04:00
Modified
2024-08-08 05:21
Severity ?
EPSS score ?
Summary
BitchX IRC client does not properly cleanse an untrusted format string, which allows remote attackers to cause a denial of service via an invite to a channel whose name includes special formatting characters.
References
| ▼ | URL | Tags |
|---|---|---|
| http://archives.neohapsis.com/archives/freebsd/2000-07/0042.html | vendor-advisory, x_refsource_FREEBSD | |
| http://archives.neohapsis.com/archives/bugtraq/2000-07/0105.html | mailing-list, x_refsource_BUGTRAQ | |
| http://www.redhat.com/support/errata/RHSA-2000-042.html | vendor-advisory, x_refsource_REDHAT | |
| http://www.calderasystems.com/support/security/advisories/CSSA-2000-022.0.txt | vendor-advisory, x_refsource_CALDERA | |
| http://www.securityfocus.com/bid/1436 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/4897 | vdb-entry, x_refsource_XF | |
| http://archives.neohapsis.com/archives/bugtraq/2000-07/0026.html | mailing-list, x_refsource_BUGTRAQ | |
| http://archives.neohapsis.com/archives/bugtraq/2000-07/0098.html | mailing-list, x_refsource_BUGTRAQ | |
| http://archives.neohapsis.com/archives/vuln-dev/2000-q3/0018.html | mailing-list, x_refsource_VULN-DEV |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-08T05:21:31.570Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "FreeBSD-SA-00:32", tags: [ "vendor-advisory", "x_refsource_FREEBSD", "x_transferred", ], url: "http://archives.neohapsis.com/archives/freebsd/2000-07/0042.html", }, { name: "20000707 BitchX update", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://archives.neohapsis.com/archives/bugtraq/2000-07/0105.html", }, { name: "RHSA-2000:042", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2000-042.html", }, { name: "CSSA-2000-022.0", tags: [ "vendor-advisory", "x_refsource_CALDERA", "x_transferred", ], url: "http://www.calderasystems.com/support/security/advisories/CSSA-2000-022.0.txt", }, { name: "1436", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/1436", }, { name: "irc-bitchx-invite-dos(4897)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/4897", }, { name: "20000704 BitchX exploit possibly waiting to happen, certain DoS", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://archives.neohapsis.com/archives/bugtraq/2000-07/0026.html", }, { name: "20000707 CONECTIVA LINUX SECURITY ANNOUNCEMENT - BitchX", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://archives.neohapsis.com/archives/bugtraq/2000-07/0098.html", }, { name: "20000704 BitchX /ignore bug", tags: [ "mailing-list", "x_refsource_VULN-DEV", "x_transferred", ], url: "http://archives.neohapsis.com/archives/vuln-dev/2000-q3/0018.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2000-07-05T00:00:00", descriptions: [ { lang: "en", value: "BitchX IRC client does not properly cleanse an untrusted format string, which allows remote attackers to cause a denial of service via an invite to a channel whose name includes special formatting characters.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2004-09-02T09:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "FreeBSD-SA-00:32", tags: [ "vendor-advisory", "x_refsource_FREEBSD", ], url: "http://archives.neohapsis.com/archives/freebsd/2000-07/0042.html", }, { name: "20000707 BitchX update", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://archives.neohapsis.com/archives/bugtraq/2000-07/0105.html", }, { name: "RHSA-2000:042", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2000-042.html", }, { name: "CSSA-2000-022.0", tags: [ "vendor-advisory", "x_refsource_CALDERA", ], url: "http://www.calderasystems.com/support/security/advisories/CSSA-2000-022.0.txt", }, { name: "1436", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/1436", }, { name: "irc-bitchx-invite-dos(4897)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/4897", }, { name: "20000704 BitchX exploit possibly waiting to happen, certain DoS", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://archives.neohapsis.com/archives/bugtraq/2000-07/0026.html", }, { name: "20000707 CONECTIVA LINUX SECURITY ANNOUNCEMENT - BitchX", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://archives.neohapsis.com/archives/bugtraq/2000-07/0098.html", }, { name: "20000704 BitchX /ignore bug", tags: [ "mailing-list", "x_refsource_VULN-DEV", ], url: "http://archives.neohapsis.com/archives/vuln-dev/2000-q3/0018.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2000-0594", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "BitchX IRC client does not properly cleanse an untrusted format string, which allows remote attackers to cause a denial of service via an invite to a channel whose name includes special formatting characters.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "FreeBSD-SA-00:32", refsource: "FREEBSD", url: "http://archives.neohapsis.com/archives/freebsd/2000-07/0042.html", }, { name: "20000707 BitchX update", refsource: "BUGTRAQ", url: "http://archives.neohapsis.com/archives/bugtraq/2000-07/0105.html", }, { name: "RHSA-2000:042", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2000-042.html", }, { name: "CSSA-2000-022.0", refsource: "CALDERA", url: "http://www.calderasystems.com/support/security/advisories/CSSA-2000-022.0.txt", }, { name: "1436", refsource: "BID", url: "http://www.securityfocus.com/bid/1436", }, { name: "irc-bitchx-invite-dos(4897)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/4897", }, { name: "20000704 BitchX exploit possibly waiting to happen, certain DoS", refsource: "BUGTRAQ", url: "http://archives.neohapsis.com/archives/bugtraq/2000-07/0026.html", }, { name: "20000707 CONECTIVA LINUX SECURITY ANNOUNCEMENT - BitchX", refsource: "BUGTRAQ", url: "http://archives.neohapsis.com/archives/bugtraq/2000-07/0098.html", }, { name: "20000704 BitchX /ignore bug", refsource: "VULN-DEV", url: "http://archives.neohapsis.com/archives/vuln-dev/2000-q3/0018.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2000-0594", datePublished: "2000-10-13T04:00:00", dateReserved: "2000-07-19T00:00:00", dateUpdated: "2024-08-08T05:21:31.570Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2000-0917
Vulnerability from cvelistv5
Published
2001-01-22 05:00
Modified
2024-08-08 05:37
Severity ?
EPSS score ?
Summary
Format string vulnerability in use_syslog() function in LPRng 3.6.24 allows remote attackers to execute arbitrary commands.
References
| ▼ | URL | Tags |
|---|---|---|
| ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:56.lprng.asc | vendor-advisory, x_refsource_FREEBSD | |
| http://www.calderasystems.com/support/security/advisories/CSSA-2000-033.0.txt | vendor-advisory, x_refsource_CALDERA | |
| http://www.cert.org/advisories/CA-2000-22.html | third-party-advisory, x_refsource_CERT | |
| http://archives.neohapsis.com/archives/bugtraq/2000-09/0293.html | mailing-list, x_refsource_BUGTRAQ | |
| http://www.redhat.com/support/errata/RHSA-2000-065.html | vendor-advisory, x_refsource_REDHAT | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/5287 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/1712 | vdb-entry, x_refsource_BID |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-08T05:37:31.427Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "FreeBSD-SA-00:56", tags: [ "vendor-advisory", "x_refsource_FREEBSD", "x_transferred", ], url: "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:56.lprng.asc", }, { name: "CSSA-2000-033.0", tags: [ "vendor-advisory", "x_refsource_CALDERA", "x_transferred", ], url: "http://www.calderasystems.com/support/security/advisories/CSSA-2000-033.0.txt", }, { name: "CA-2000-22", tags: [ "third-party-advisory", "x_refsource_CERT", "x_transferred", ], url: "http://www.cert.org/advisories/CA-2000-22.html", }, { name: "20000925 Format strings: bug #2: LPRng", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://archives.neohapsis.com/archives/bugtraq/2000-09/0293.html", }, { name: "RHSA-2000:065", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2000-065.html", }, { name: "lprng-format-string(5287)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/5287", }, { name: "1712", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/1712", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2000-09-25T00:00:00", descriptions: [ { lang: "en", value: "Format string vulnerability in use_syslog() function in LPRng 3.6.24 allows remote attackers to execute arbitrary commands.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2004-09-02T09:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "FreeBSD-SA-00:56", tags: [ "vendor-advisory", "x_refsource_FREEBSD", ], url: "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:56.lprng.asc", }, { name: "CSSA-2000-033.0", tags: [ "vendor-advisory", "x_refsource_CALDERA", ], url: "http://www.calderasystems.com/support/security/advisories/CSSA-2000-033.0.txt", }, { name: "CA-2000-22", tags: [ "third-party-advisory", "x_refsource_CERT", ], url: "http://www.cert.org/advisories/CA-2000-22.html", }, { name: "20000925 Format strings: bug #2: LPRng", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://archives.neohapsis.com/archives/bugtraq/2000-09/0293.html", }, { name: "RHSA-2000:065", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2000-065.html", }, { name: "lprng-format-string(5287)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/5287", }, { name: "1712", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/1712", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2000-0917", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Format string vulnerability in use_syslog() function in LPRng 3.6.24 allows remote attackers to execute arbitrary commands.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "FreeBSD-SA-00:56", refsource: "FREEBSD", url: "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:56.lprng.asc", }, { name: "CSSA-2000-033.0", refsource: "CALDERA", url: "http://www.calderasystems.com/support/security/advisories/CSSA-2000-033.0.txt", }, { name: "CA-2000-22", refsource: "CERT", url: "http://www.cert.org/advisories/CA-2000-22.html", }, { name: "20000925 Format strings: bug #2: LPRng", refsource: "BUGTRAQ", url: "http://archives.neohapsis.com/archives/bugtraq/2000-09/0293.html", }, { name: "RHSA-2000:065", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2000-065.html", }, { name: "lprng-format-string(5287)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/5287", }, { name: "1712", refsource: "BID", url: "http://www.securityfocus.com/bid/1712", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2000-0917", datePublished: "2001-01-22T05:00:00", dateReserved: "2000-11-24T00:00:00", dateUpdated: "2024-08-08T05:37:31.427Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2000-0844
Vulnerability from cvelistv5
Published
2001-01-22 05:00
Modified
2024-08-08 05:37
Severity ?
EPSS score ?
Summary
Some functions that implement the locale subsystem on Unix do not properly cleanse user-injected format strings, which allows local attackers to execute arbitrary commands via functions such as gettext and catopen.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-08T05:37:30.623Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "RHSA-2000:057", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2000-057.html", }, { name: "20000906 glibc locale security problem", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://www.novell.com/linux/security/advisories/adv5_draht_glibc_txt.html", }, { name: "20000902 Conectiva Linux Security Announcement - glibc", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://archives.neohapsis.com/archives/bugtraq/2000-08/0436.html", }, { name: "SSRT0689U", tags: [ "vendor-advisory", "x_refsource_COMPAQ", "x_transferred", ], url: "http://archives.neohapsis.com/archives/tru64/2000-q4/0000.html", }, { name: "TLSA2000020-1", tags: [ "vendor-advisory", "x_refsource_TURBO", "x_transferred", ], url: "http://www.turbolinux.com/pipermail/tl-security-announce/2000-September/000020.html", }, { name: "20000902 glibc: local root exploit", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2000/20000902", }, { name: "20000904 UNIX locale format string vulnerability", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://archives.neohapsis.com/archives/bugtraq/2000-08/0457.html", }, { name: "IY13753", tags: [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred", ], url: "http://archives.neohapsis.com/archives/bugtraq/2000-10/0427.html", }, { name: "1634", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/1634", }, { name: "CSSA-2000-030.0", tags: [ "vendor-advisory", "x_refsource_CALDERA", "x_transferred", ], url: "http://www.calderasystems.com/support/security/advisories/CSSA-2000-030.0.txt", }, { name: "unix-locale-format-string(5176)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/5176", }, { name: "20000901-01-P", tags: [ "vendor-advisory", "x_refsource_SGI", "x_transferred", ], url: "ftp://patches.sgi.com/support/free/security/advisories/20000901-01-P", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2000-09-04T00:00:00", descriptions: [ { lang: "en", value: "Some functions that implement the locale subsystem on Unix do not properly cleanse user-injected format strings, which allows local attackers to execute arbitrary commands via functions such as gettext and catopen.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2004-09-02T09:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "RHSA-2000:057", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2000-057.html", }, { name: "20000906 glibc locale security problem", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://www.novell.com/linux/security/advisories/adv5_draht_glibc_txt.html", }, { name: "20000902 Conectiva Linux Security Announcement - glibc", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://archives.neohapsis.com/archives/bugtraq/2000-08/0436.html", }, { name: "SSRT0689U", tags: [ "vendor-advisory", "x_refsource_COMPAQ", ], url: "http://archives.neohapsis.com/archives/tru64/2000-q4/0000.html", }, { name: "TLSA2000020-1", tags: [ "vendor-advisory", "x_refsource_TURBO", ], url: "http://www.turbolinux.com/pipermail/tl-security-announce/2000-September/000020.html", }, { name: "20000902 glibc: local root exploit", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2000/20000902", }, { name: "20000904 UNIX locale format string vulnerability", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://archives.neohapsis.com/archives/bugtraq/2000-08/0457.html", }, { name: "IY13753", tags: [ "vendor-advisory", "x_refsource_AIXAPAR", ], url: "http://archives.neohapsis.com/archives/bugtraq/2000-10/0427.html", }, { name: "1634", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/1634", }, { name: "CSSA-2000-030.0", tags: [ "vendor-advisory", "x_refsource_CALDERA", ], url: "http://www.calderasystems.com/support/security/advisories/CSSA-2000-030.0.txt", }, { name: "unix-locale-format-string(5176)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/5176", }, { name: "20000901-01-P", tags: [ "vendor-advisory", "x_refsource_SGI", ], url: "ftp://patches.sgi.com/support/free/security/advisories/20000901-01-P", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2000-0844", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Some functions that implement the locale subsystem on Unix do not properly cleanse user-injected format strings, which allows local attackers to execute arbitrary commands via functions such as gettext and catopen.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "RHSA-2000:057", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2000-057.html", }, { name: "20000906 glibc locale security problem", refsource: "SUSE", url: "http://www.novell.com/linux/security/advisories/adv5_draht_glibc_txt.html", }, { name: "20000902 Conectiva Linux Security Announcement - glibc", refsource: "BUGTRAQ", url: "http://archives.neohapsis.com/archives/bugtraq/2000-08/0436.html", }, { name: "SSRT0689U", refsource: "COMPAQ", url: "http://archives.neohapsis.com/archives/tru64/2000-q4/0000.html", }, { name: "TLSA2000020-1", refsource: "TURBO", url: "http://www.turbolinux.com/pipermail/tl-security-announce/2000-September/000020.html", }, { name: "20000902 glibc: local root exploit", refsource: "DEBIAN", url: "http://www.debian.org/security/2000/20000902", }, { name: "20000904 UNIX locale format string vulnerability", refsource: "BUGTRAQ", url: "http://archives.neohapsis.com/archives/bugtraq/2000-08/0457.html", }, { name: "IY13753", refsource: "AIXAPAR", url: "http://archives.neohapsis.com/archives/bugtraq/2000-10/0427.html", }, { name: "1634", refsource: "BID", url: "http://www.securityfocus.com/bid/1634", }, { name: "CSSA-2000-030.0", refsource: "CALDERA", url: "http://www.calderasystems.com/support/security/advisories/CSSA-2000-030.0.txt", }, { name: "unix-locale-format-string(5176)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/5176", }, { name: "20000901-01-P", refsource: "SGI", url: "ftp://patches.sgi.com/support/free/security/advisories/20000901-01-P", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2000-0844", datePublished: "2001-01-22T05:00:00", dateReserved: "2000-10-18T00:00:00", dateUpdated: "2024-08-08T05:37:30.623Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Vulnerability from fkie_nvd
Published
2000-12-19 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Format string vulnerability in use_syslog() function in LPRng 3.6.24 allows remote attackers to execute arbitrary commands.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| caldera | openlinux_ebuilder | 3.0 | |
| caldera | openlinux | * | |
| caldera | openlinux_edesktop | 2.4 | |
| caldera | openlinux_eserver | 2.3 | |
| redhat | linux | 7.0 | |
| trustix | secure_linux | 1.0 | |
| trustix | secure_linux | 1.1 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:caldera:openlinux_ebuilder:3.0:*:*:*:*:*:*:*", matchCriteriaId: "E02719FF-924A-4E96-AE1D-5994A8D4275E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:caldera:openlinux:*:*:*:*:*:*:*:*", matchCriteriaId: "4EC3F7E5-5D49-471B-A705-ADD2642E5B46", vulnerable: true, }, { criteria: "cpe:2.3:o:caldera:openlinux_edesktop:2.4:*:*:*:*:*:*:*", matchCriteriaId: "B211BCBF-CB17-4D32-B6FE-A34D86C4FBF9", vulnerable: true, }, { criteria: "cpe:2.3:o:caldera:openlinux_eserver:2.3:*:*:*:*:*:*:*", matchCriteriaId: "3BE526D3-4CD8-423C-81FA-65B92F862A5E", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:linux:7.0:*:*:*:*:*:*:*", matchCriteriaId: "29B186E5-7C2F-466E-AA4A-8F2B618F8A14", vulnerable: true, }, { criteria: "cpe:2.3:o:trustix:secure_linux:1.0:*:*:*:*:*:*:*", matchCriteriaId: "8DF1A678-FEF1-4549-8EDC-518444CFC57F", vulnerable: true, }, { criteria: "cpe:2.3:o:trustix:secure_linux:1.1:*:*:*:*:*:*:*", matchCriteriaId: "9D0DFB12-B43F-4207-A900-464A97F5124D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Format string vulnerability in use_syslog() function in LPRng 3.6.24 allows remote attackers to execute arbitrary commands.", }, ], id: "CVE-2000-0917", lastModified: "2025-04-03T01:03:51.193", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 10, obtainAllPrivilege: true, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2000-12-19T05:00:00.000", references: [ { source: "cve@mitre.org", url: "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:56.lprng.asc", }, { source: "cve@mitre.org", url: "http://archives.neohapsis.com/archives/bugtraq/2000-09/0293.html", }, { source: "cve@mitre.org", url: "http://www.calderasystems.com/support/security/advisories/CSSA-2000-033.0.txt", }, { source: "cve@mitre.org", tags: [ "US Government Resource", ], url: "http://www.cert.org/advisories/CA-2000-22.html", }, { source: "cve@mitre.org", url: "http://www.redhat.com/support/errata/RHSA-2000-065.html", }, { source: "cve@mitre.org", tags: [ "Exploit", "Patch", "Vendor Advisory", ], url: "http://www.securityfocus.com/bid/1712", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/5287", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:56.lprng.asc", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://archives.neohapsis.com/archives/bugtraq/2000-09/0293.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.calderasystems.com/support/security/advisories/CSSA-2000-033.0.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "US Government Resource", ], url: "http://www.cert.org/advisories/CA-2000-22.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2000-065.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", "Vendor Advisory", ], url: "http://www.securityfocus.com/bid/1712", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/5287", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2000-07-04 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
BitchX IRC client does not properly cleanse an untrusted format string, which allows remote attackers to cause a denial of service via an invite to a channel whose name includes special formatting characters.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| caldera | openlinux_desktop | 2.3 | |
| caldera | openlinux_ebuilder | 2.3 | |
| caldera | openlinux_edesktop | 2.4 | |
| caldera | openlinux_eserver | 2.3 | |
| freebsd | freebsd | 3.5 | |
| freebsd | freebsd | 4.0 | |
| mandrakesoft | mandrake_linux | 2007 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:caldera:openlinux_desktop:2.3:*:*:*:*:*:*:*", matchCriteriaId: "39CEEC92-B7FE-4E41-9966-DDA9EDF943C1", vulnerable: true, }, { criteria: "cpe:2.3:a:caldera:openlinux_ebuilder:2.3:*:*:*:*:*:*:*", matchCriteriaId: "A4B1F951-6F13-4FFF-84F7-0E65A689DB64", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:caldera:openlinux_edesktop:2.4:*:*:*:*:*:*:*", matchCriteriaId: "B211BCBF-CB17-4D32-B6FE-A34D86C4FBF9", vulnerable: true, }, { criteria: "cpe:2.3:o:caldera:openlinux_eserver:2.3:*:*:*:*:*:*:*", matchCriteriaId: "3BE526D3-4CD8-423C-81FA-65B92F862A5E", vulnerable: true, }, { criteria: "cpe:2.3:o:freebsd:freebsd:3.5:*:*:*:*:*:*:*", matchCriteriaId: "47E02BE6-4800-4940-B269-385B66AC5077", vulnerable: true, }, { criteria: "cpe:2.3:o:freebsd:freebsd:4.0:*:*:*:*:*:*:*", matchCriteriaId: "D0A585A1-FF82-418F-90F8-072458DB7816", vulnerable: true, }, { criteria: "cpe:2.3:o:mandrakesoft:mandrake_linux:2007:*:*:*:*:*:*:*", matchCriteriaId: "02362C25-B373-4FB1-AF4A-2AFC7F7D4387", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "BitchX IRC client does not properly cleanse an untrusted format string, which allows remote attackers to cause a denial of service via an invite to a channel whose name includes special formatting characters.", }, ], id: "CVE-2000-0594", lastModified: "2025-04-03T01:03:51.193", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2000-07-04T04:00:00.000", references: [ { source: "cve@mitre.org", url: "http://archives.neohapsis.com/archives/bugtraq/2000-07/0026.html", }, { source: "cve@mitre.org", url: "http://archives.neohapsis.com/archives/bugtraq/2000-07/0098.html", }, { source: "cve@mitre.org", url: "http://archives.neohapsis.com/archives/bugtraq/2000-07/0105.html", }, { source: "cve@mitre.org", url: "http://archives.neohapsis.com/archives/freebsd/2000-07/0042.html", }, { source: "cve@mitre.org", url: "http://archives.neohapsis.com/archives/vuln-dev/2000-q3/0018.html", }, { source: "cve@mitre.org", url: "http://www.calderasystems.com/support/security/advisories/CSSA-2000-022.0.txt", }, { source: "cve@mitre.org", url: "http://www.redhat.com/support/errata/RHSA-2000-042.html", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/1436", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/4897", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://archives.neohapsis.com/archives/bugtraq/2000-07/0026.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://archives.neohapsis.com/archives/bugtraq/2000-07/0098.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://archives.neohapsis.com/archives/bugtraq/2000-07/0105.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://archives.neohapsis.com/archives/freebsd/2000-07/0042.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://archives.neohapsis.com/archives/vuln-dev/2000-q3/0018.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.calderasystems.com/support/security/advisories/CSSA-2000-022.0.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2000-042.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/1436", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/4897", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2000-11-14 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Some functions that implement the locale subsystem on Unix do not properly cleanse user-injected format strings, which allows local attackers to execute arbitrary commands via functions such as gettext and catopen.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:caldera:openlinux_ebuilder:3.0:*:*:*:*:*:*:*", matchCriteriaId: "E02719FF-924A-4E96-AE1D-5994A8D4275E", vulnerable: true, }, { criteria: "cpe:2.3:a:immunix:immunix:6.2:*:*:*:*:*:*:*", matchCriteriaId: "DB0F79BE-8EBF-44D8-83A1-9331669BED54", vulnerable: true, }, { criteria: "cpe:2.3:o:conectiva:linux:4.0:*:*:*:*:*:*:*", matchCriteriaId: "48F068BE-F5B3-4E43-8E6A-24AB4D2DEDF0", vulnerable: true, }, { criteria: "cpe:2.3:o:conectiva:linux:4.0es:*:*:*:*:*:*:*", matchCriteriaId: "6529EC98-7CF7-47A1-95BB-2F34066FE95D", vulnerable: true, }, { criteria: "cpe:2.3:o:conectiva:linux:4.1:*:*:*:*:*:*:*", matchCriteriaId: "FFDAB801-AAA0-4B3B-B488-52E7BA8650C5", vulnerable: true, }, { criteria: "cpe:2.3:o:conectiva:linux:4.2:*:*:*:*:*:*:*", matchCriteriaId: "612AC3B1-8E55-437F-9600-67EA1A8BAD48", vulnerable: true, }, { criteria: "cpe:2.3:o:conectiva:linux:5.0:*:*:*:*:*:*:*", matchCriteriaId: "537A5C29-D770-4755-A6AB-8916754E14DB", vulnerable: true, }, { criteria: "cpe:2.3:o:conectiva:linux:5.1:*:*:*:*:*:*:*", matchCriteriaId: "E3AC05A9-04DA-4ED3-94D8-3254384CB724", vulnerable: true, }, { criteria: "cpe:2.3:o:sgi:irix:6.2:*:*:*:*:*:*:*", matchCriteriaId: "0ECE564D-B4BB-4C05-88CC-CDC3F8E4E366", vulnerable: true, }, { criteria: "cpe:2.3:o:sgi:irix:6.3:*:*:*:*:*:*:*", matchCriteriaId: "B2D59247-56FA-46B4-BB51-2DAE71AFC145", vulnerable: true, }, { criteria: "cpe:2.3:o:sgi:irix:6.4:*:*:*:*:*:*:*", matchCriteriaId: "15BE08F8-5F3F-45DB-BFE0-1F6F2F57A4D4", vulnerable: true, }, { criteria: "cpe:2.3:o:sgi:irix:6.5:*:*:*:*:*:*:*", matchCriteriaId: "C30D6962-3DBB-4DF8-A04F-8E47AFEDCF99", vulnerable: true, }, { criteria: "cpe:2.3:o:sgi:irix:6.5.1:*:*:*:*:*:*:*", matchCriteriaId: "36B60E50-4F5A-4404-BEA3-C94F7D27B156", vulnerable: true, }, { criteria: "cpe:2.3:o:sgi:irix:6.5.2m:*:*:*:*:*:*:*", matchCriteriaId: "772E3C7E-9947-414F-8642-18653BB048E0", vulnerable: true, }, { criteria: "cpe:2.3:o:sgi:irix:6.5.3:*:*:*:*:*:*:*", matchCriteriaId: "E6B2E6D1-8C2D-4E15-A6BB-E4FE878ED1E7", vulnerable: true, }, { criteria: "cpe:2.3:o:sgi:irix:6.5.3f:*:*:*:*:*:*:*", matchCriteriaId: "8D51EC29-8836-4F87-ABF8-FF7530DECBB1", vulnerable: true, }, { criteria: "cpe:2.3:o:sgi:irix:6.5.3m:*:*:*:*:*:*:*", matchCriteriaId: "518B7253-7B0F-4A0A-ADA7-F3E3B5AAF877", vulnerable: true, }, { criteria: "cpe:2.3:o:sgi:irix:6.5.4:*:*:*:*:*:*:*", matchCriteriaId: "440B7208-34DB-4898-8461-4E703F7EDFB7", vulnerable: true, }, { criteria: "cpe:2.3:o:sgi:irix:6.5.6:*:*:*:*:*:*:*", matchCriteriaId: "D07AA144-6FD7-4C80-B4F2-D21C1AFC864A", vulnerable: true, }, { criteria: "cpe:2.3:o:sgi:irix:6.5.7:*:*:*:*:*:*:*", matchCriteriaId: "29113D8E-9618-4A0E-9157-678332082858", vulnerable: true, }, { criteria: "cpe:2.3:o:sgi:irix:6.5.8:*:*:*:*:*:*:*", matchCriteriaId: "313613E9-4837-433C-90EE-84A92E8D24E5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:caldera:openlinux:*:*:*:*:*:*:*:*", matchCriteriaId: "4EC3F7E5-5D49-471B-A705-ADD2642E5B46", vulnerable: true, }, { criteria: "cpe:2.3:o:caldera:openlinux_eserver:2.3:*:*:*:*:*:*:*", matchCriteriaId: "3BE526D3-4CD8-423C-81FA-65B92F862A5E", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:2.0:*:*:*:*:*:*:*", matchCriteriaId: "203BDD63-2FA5-42FD-A9CD-6BDBB41A63C4", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:2.1:*:*:*:*:*:*:*", matchCriteriaId: "3C67BDA1-9451-4026-AC6D-E912C882A757", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:2.2:*:*:*:*:*:*:*", matchCriteriaId: "58B90124-0543-4226-BFF4-13CCCBCCB243", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:2.3:*:*:*:*:*:*:*", matchCriteriaId: "618111F3-6608-47F0-AB0D-21547E342871", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:aix:3.2:*:*:*:*:*:*:*", matchCriteriaId: "DD5E0678-45C7-492A-963C-897494D6878F", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:aix:3.2.4:*:*:*:*:*:*:*", matchCriteriaId: "E55C28A7-CD21-47CD-AA50-E8B2D89A18E8", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:aix:3.2.5:*:*:*:*:*:*:*", matchCriteriaId: "D3C00FC9-AD97-4226-A0EA-7DB14AA592DE", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:aix:4.0:*:*:*:*:*:*:*", matchCriteriaId: "44C6203A-D05B-47B1-8BC2-BA021EBAFDEB", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:aix:4.1:*:*:*:*:*:*:*", matchCriteriaId: "FBF25306-E7C2-4F9A-A809-4779A6C0A079", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:aix:4.1.1:*:*:*:*:*:*:*", matchCriteriaId: "B3BA7775-30F2-4CA0-BA6E-70ED12A48D90", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:aix:4.1.2:*:*:*:*:*:*:*", matchCriteriaId: "FB038A89-1CA6-4313-B7CE-56C894945FFD", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:aix:4.1.3:*:*:*:*:*:*:*", matchCriteriaId: "2B3BC86F-5718-4232-BFFF-6244A7C09B8F", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:aix:4.1.4:*:*:*:*:*:*:*", matchCriteriaId: "E6118CC1-6E51-4E1B-8F58-43B337515222", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:aix:4.1.5:*:*:*:*:*:*:*", matchCriteriaId: "F3D3B348-270F-4209-B31A-2B40F5E4A601", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:aix:4.2:*:*:*:*:*:*:*", matchCriteriaId: "05F20EC2-ADE6-4F96-A2E7-1DCCA819D657", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:aix:4.2.1:*:*:*:*:*:*:*", matchCriteriaId: "91D7C561-4D23-430B-A7D8-137E52B08FF5", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:aix:4.3:*:*:*:*:*:*:*", matchCriteriaId: "11ACD012-F05F-45CD-A170-96CBAA42FFE4", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:aix:4.3.1:*:*:*:*:*:*:*", matchCriteriaId: "55919E74-09E7-44BA-9941-D1B69BB1692F", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:aix:4.3.2:*:*:*:*:*:*:*", matchCriteriaId: "45F3C5D8-8BC3-44EB-917A-D0BA051D3D9D", vulnerable: true, }, { criteria: "cpe:2.3:o:mandrakesoft:mandrake_linux:7.0:*:*:*:*:*:*:*", matchCriteriaId: "E4853E92-5E0A-47B9-A343-D5BEE87D2C27", vulnerable: true, }, { criteria: "cpe:2.3:o:mandrakesoft:mandrake_linux:7.1:*:*:*:*:*:*:*", matchCriteriaId: "3EC1FF5D-5EAB-44D5-B281-770547C70D68", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:linux:5.0:*:*:*:*:*:*:*", matchCriteriaId: "4BF54738-3C44-4FD4-AA9C-CAB2E86B1DC1", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:linux:5.1:*:*:*:*:*:*:*", matchCriteriaId: "4EF44364-0F57-4B74-81B0-501EA6B58501", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:linux:5.2:*:*:*:*:*:*:*", matchCriteriaId: "A8EED385-8C39-4A40-A507-2EFE7652FB35", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:linux:6.0:*:*:*:*:*:*:*", matchCriteriaId: "2DFA94D5-0139-490C-8257-0751FE9FBAE4", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:linux:6.1:*:*:*:*:*:*:*", matchCriteriaId: "2EC4D3AB-38FA-4D44-AF5C-2DCD15994E76", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:linux:6.2:*:*:*:*:*:*:*", matchCriteriaId: "0633B5A6-7A88-4A96-9462-4C09D124ED36", vulnerable: true, }, { criteria: "cpe:2.3:o:slackware:slackware_linux:7.0:*:*:*:*:*:*:*", matchCriteriaId: "C2A9C005-4392-4C95-9B92-98EEC73EFE73", vulnerable: true, }, { criteria: "cpe:2.3:o:slackware:slackware_linux:7.1:*:*:*:*:*:*:*", matchCriteriaId: "F0297F56-5F41-48FD-AB47-36E3BD2AB7E7", vulnerable: true, }, { criteria: "cpe:2.3:o:sun:solaris:2.6:*:*:*:*:*:*:*", matchCriteriaId: "34EBF074-78C8-41AF-88F1-DA6726E56F8B", vulnerable: true, }, { criteria: "cpe:2.3:o:sun:sunos:5.0:*:*:*:*:*:*:*", matchCriteriaId: "C1370216-93EB-400F-9AA6-CB2DC316DAA7", vulnerable: true, }, { criteria: "cpe:2.3:o:sun:sunos:5.1:*:*:*:*:*:*:*", matchCriteriaId: "5FF2C7C4-6F8D-40DB-9FBC-E7E4D76A2B23", vulnerable: true, }, { criteria: "cpe:2.3:o:sun:sunos:5.2:*:*:*:*:*:*:*", matchCriteriaId: "84523B48-218B-45F4-9C04-2C103612DCB2", vulnerable: true, }, { criteria: "cpe:2.3:o:sun:sunos:5.3:*:*:*:*:*:*:*", matchCriteriaId: "C7A22D21-E0A9-4B56-86C7-805AD1A610D6", vulnerable: true, }, { criteria: "cpe:2.3:o:sun:sunos:5.4:*:*:*:*:*:*:*", matchCriteriaId: "7AAC8954-74A8-4FE3-ABE7-57DA041D9D8F", vulnerable: true, }, { criteria: "cpe:2.3:o:sun:sunos:5.5:*:*:*:*:*:*:*", matchCriteriaId: "5B72953B-E873-4E44-A3CF-12D770A0D416", vulnerable: true, }, { criteria: "cpe:2.3:o:sun:sunos:5.5.1:*:*:*:*:*:*:*", matchCriteriaId: "39F847DB-65A9-47DA-BCFA-A179E5E2301A", vulnerable: true, }, { criteria: "cpe:2.3:o:sun:sunos:5.7:*:*:*:*:*:*:*", matchCriteriaId: "08003947-A4F1-44AC-84C6-9F8D097EB759", vulnerable: true, }, { criteria: "cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*", matchCriteriaId: "A2475113-CFE4-41C8-A86F-F2DA6548D224", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:suse_linux:6.1:*:*:*:*:*:*:*", matchCriteriaId: "124E1802-7984-45ED-8A92-393FC20662FD", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:suse_linux:6.2:*:*:*:*:*:*:*", matchCriteriaId: "1B67020A-6942-4478-B501-764147C4970D", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:suse_linux:6.3:*:*:*:*:*:*:*", matchCriteriaId: "0AD0FF64-05DF-48C2-9BB5-FD993121FB2E", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:suse_linux:6.4:*:*:*:*:*:*:*", matchCriteriaId: "7786607A-362E-4817-A17E-C76D6A1F737D", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:suse_linux:7.0:*:*:*:*:*:*:*", matchCriteriaId: "C9E7D75A-333E-4C63-9593-F64ABA5D1CE3", vulnerable: true, }, { criteria: "cpe:2.3:o:trustix:secure_linux:1.0:*:*:*:*:*:*:*", matchCriteriaId: "8DF1A678-FEF1-4549-8EDC-518444CFC57F", vulnerable: true, }, { criteria: "cpe:2.3:o:trustix:secure_linux:1.1:*:*:*:*:*:*:*", matchCriteriaId: "9D0DFB12-B43F-4207-A900-464A97F5124D", vulnerable: true, }, { criteria: "cpe:2.3:o:turbolinux:turbolinux:6.0:*:*:*:*:*:*:*", matchCriteriaId: "981A0654-C17D-48BB-A8B3-A728CB159C33", vulnerable: true, }, { criteria: "cpe:2.3:o:turbolinux:turbolinux:6.0.1:*:*:*:*:*:*:*", matchCriteriaId: "2AA8956D-F533-42BA-A06B-7CDB0A267B2F", vulnerable: true, }, { criteria: "cpe:2.3:o:turbolinux:turbolinux:6.0.2:*:*:*:*:*:*:*", matchCriteriaId: "C6619B49-8A89-4600-A47F-A39C8BF54259", vulnerable: true, }, { criteria: "cpe:2.3:o:turbolinux:turbolinux:6.0.3:*:*:*:*:*:*:*", matchCriteriaId: "A0AA1204-D181-4E1C-B795-159FC57E86A9", vulnerable: true, }, { criteria: "cpe:2.3:o:turbolinux:turbolinux:6.0.4:*:*:*:*:*:*:*", matchCriteriaId: "24740C11-59D0-4071-97BD-8BF7084FC1FC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Some functions that implement the locale subsystem on Unix do not properly cleanse user-injected format strings, which allows local attackers to execute arbitrary commands via functions such as gettext and catopen.", }, ], id: "CVE-2000-0844", lastModified: "2025-04-03T01:03:51.193", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 10, obtainAllPrivilege: true, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2000-11-14T05:00:00.000", references: [ { source: "cve@mitre.org", url: "ftp://patches.sgi.com/support/free/security/advisories/20000901-01-P", }, { source: "cve@mitre.org", url: "http://archives.neohapsis.com/archives/bugtraq/2000-08/0436.html", }, { source: "cve@mitre.org", tags: [ "Exploit", "Patch", "Vendor Advisory", ], url: "http://archives.neohapsis.com/archives/bugtraq/2000-08/0457.html", }, { source: "cve@mitre.org", url: "http://archives.neohapsis.com/archives/bugtraq/2000-10/0427.html", }, { source: "cve@mitre.org", url: "http://archives.neohapsis.com/archives/tru64/2000-q4/0000.html", }, { source: "cve@mitre.org", url: "http://www.calderasystems.com/support/security/advisories/CSSA-2000-030.0.txt", }, { source: "cve@mitre.org", url: "http://www.debian.org/security/2000/20000902", }, { source: "cve@mitre.org", url: "http://www.novell.com/linux/security/advisories/adv5_draht_glibc_txt.html", }, { source: "cve@mitre.org", url: "http://www.redhat.com/support/errata/RHSA-2000-057.html", }, { source: "cve@mitre.org", tags: [ "Exploit", "Patch", "Vendor Advisory", ], url: "http://www.securityfocus.com/bid/1634", }, { source: "cve@mitre.org", url: "http://www.turbolinux.com/pipermail/tl-security-announce/2000-September/000020.html", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/5176", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "ftp://patches.sgi.com/support/free/security/advisories/20000901-01-P", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://archives.neohapsis.com/archives/bugtraq/2000-08/0436.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", "Vendor Advisory", ], url: "http://archives.neohapsis.com/archives/bugtraq/2000-08/0457.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://archives.neohapsis.com/archives/bugtraq/2000-10/0427.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://archives.neohapsis.com/archives/tru64/2000-q4/0000.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.calderasystems.com/support/security/advisories/CSSA-2000-030.0.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.debian.org/security/2000/20000902", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.novell.com/linux/security/advisories/adv5_draht_glibc_txt.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2000-057.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", "Vendor Advisory", ], url: "http://www.securityfocus.com/bid/1634", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.turbolinux.com/pipermail/tl-security-announce/2000-September/000020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/5176", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-264", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }