Search...

CVE-2000-0995

2000-12-19T05:00:00

ID CVE-2000-0995
Type cve
Reporter cve@mitre.org
Modified 2018-05-03T01:29:00

Description

Format string vulnerability in OpenBSD yp_passwd program (and possibly other BSD-based operating systems) allows attackers to gain root privileges a malformed name.

JSON Vulners Source

Initial Source

{"id": "CVE-2000-0995", "bulletinFamily": "NVD", "title": "CVE-2000-0995", "description": "Format string vulnerability in OpenBSD yp_passwd program (and possibly other BSD-based operating systems) allows attackers to gain root privileges a malformed name.", "published": "2000-12-19T05:00:00", "modified": "2018-05-03T01:29:00", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2000-0995", "reporter": "cve@mitre.org", "references": ["http://www.osvdb.org/6125", "https://exchange.xforce.ibmcloud.com/vulnerabilities/5635", "ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.7/common/028_format_strings.patch"], "cvelist": ["CVE-2000-0995"], "type": "cve", "lastseen": "2019-05-29T18:07:37", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "9baca11fff2391409513ac808205c76f"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "afc2cbea22ff66681d645ff80f84f53c"}, {"key": "cpe23", "hash": "0b481f386a795d94fefa04fb1b7f7b18"}, {"key": "cvelist", "hash": "d1ba6a0b9235e19d24ae8e31556e293f"}, {"key": "cvss", "hash": "f74481c4d3fb2a622ac8c8a438ded811"}, {"key": "cvss2", "hash": "d5c15c7c1d81cbe81f6a8e0d195b60a2"}, {"key": "cvss3", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cwe", "hash": "78a7a5cbaf09985c14389298e454e7db"}, {"key": "description", "hash": "ca8da5758f3b7514ed130f3ea724a394"}, {"key": "href", "hash": "22e73193bf0a4658f4143849d8825ee1"}, {"key": "modified", "hash": "ce0682d9f3fae62f6e9a3b9c19d231b7"}, {"key": "published", "hash": "873f4fc07d56ebd3b9ab96da26a56f5a"}, {"key": "references", "hash": "4d422d28725c6cb78b9236ed7c73214a"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "1aa77e9c8ba3c2e2ece950bd93d2a224"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "53b1a2454d295b98812c9366a57c93a4342e729eb6432ade537a76dc30d6e727", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "osvdb", "idList": ["OSVDB:6125"]}], "modified": "2019-05-29T18:07:37"}, "score": {"value": 7.6, "vector": "NONE", "modified": "2019-05-29T18:07:37"}, "vulnersScore": 7.6}, "objectVersion": "1.3", "cpe": ["cpe:/o:openbsd:openbsd:*", "cpe:/a:openbsd:openbsd:*"], "affectedSoftware": [{"name": "openbsd openbsd", "operator": "eq", "version": "*"}], "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {}, "cpe23": ["cpe:2.3:o:openbsd:openbsd:*:*:*:*:*:*:*:*"], "cwe": ["NVD-CWE-Other"]}

{"osvdb": [{"lastseen": "2017-04-28T13:20:00", "bulletinFamily": "software", "description": "## Vulnerability Description\nOpenBSD contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered due to a flaw in the yp_passwd program, which could allow a malicious user to supply a malformed name to the printf() function. This flaw may lead to a loss of integrity.\n## Solution Description\nCurrently, there are no known workarounds or upgrades to correct this issue. However, OpenBSD has released a patch to address this vulnerability.\n## Short Description\nOpenBSD contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered due to a flaw in the yp_passwd program, which could allow a malicious user to supply a malformed name to the printf() function. This flaw may lead to a loss of integrity.\n## References:\nVendor Specific Solution URL: ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.7/common/028_format_strings.patch\n[Vendor Specific Advisory URL](http://www.openbsd.com/errata27.html#format_strings)\nISS X-Force ID: 5635\n[CVE-2000-0995](https://vulners.com/cve/CVE-2000-0995)\n", "modified": "2000-10-04T00:00:00", "published": "2000-10-04T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:6125", "id": "OSVDB:6125", "type": "osvdb", "title": "OpenBSD yp_passwd Malformed Name Format String", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}