Lucene search

MitreCVE-2000-0994

HistoryJan 22, 2001 - 5:00 a.m.

CVE-2000-0994

2001-01-2205:00:00

mitre

web.nvd.nist.gov

openbsd

fstat

vulnerability

root privileges

local users

bsd-based operating systems

cve-2000-0994

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

AI Score

Confidence

Low

EPSS

Percentile

0.4%

JSON

Format string vulnerability in OpenBSD fstat program (and possibly other BSD-based operating systems) allows local users to gain root privileges via the PWD environmental variable.

Affected configurations

Nvd

Node

openbsdopenbsdMatch2.3

openbsdopenbsdMatch2.4

openbsdopenbsdMatch2.5

openbsdopenbsdMatch2.6

openbsdopenbsdMatch2.7

VendorProductVersionCPE
openbsdopenbsd2.3cpe:2.3:o:openbsd:openbsd:2.3:*:*:*:*:*:*:*
openbsdopenbsd2.4cpe:2.3:o:openbsd:openbsd:2.4:*:*:*:*:*:*:*
openbsdopenbsd2.5cpe:2.3:o:openbsd:openbsd:2.5:*:*:*:*:*:*:*
openbsdopenbsd2.6cpe:2.3:o:openbsd:openbsd:2.6:*:*:*:*:*:*:*
openbsdopenbsd2.7cpe:2.3:o:openbsd:openbsd:2.7:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
openbsd	openbsd	2.3	cpe:2.3:o:openbsd:openbsd:2.3:::::::*
openbsd	openbsd	2.4	cpe:2.3:o:openbsd:openbsd:2.4:::::::*
openbsd	openbsd	2.5	cpe:2.3:o:openbsd:openbsd:2.5:::::::*
openbsd	openbsd	2.6	cpe:2.3:o:openbsd:openbsd:2.6:::::::*
openbsd	openbsd	2.7	cpe:2.3:o:openbsd:openbsd:2.7:::::::*

References

ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.7/common/028_format_strings.patch

marc.info/?l=bugtraq&m=97068555106135&w=2

www.securityfocus.com/bid/1746

exchange.xforce.ibmcloud.com/vulnerabilities/5338

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

AI Score

Confidence

Low

EPSS

Percentile

0.4%

JSON

Related for CVE-2000-0994