OpenBSD su Format String

2000-10-04T00:00:00
ID OSVDB:6124
Type osvdb
Reporter OSVDB
Modified 2000-10-04T00:00:00

Description

Vulnerability Description

OpenBSD contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered due to a flaw in the su program which could allow a malicious user to gain root access via a malformed shell. This flaw may lead to a loss of integrity.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, OpenBSD has released a patch to address this vulnerability.

Short Description

OpenBSD contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered due to a flaw in the su program which could allow a malicious user to gain root access via a malformed shell. This flaw may lead to a loss of integrity.

References:

Vendor Specific Solution URL: ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.7/common/028_format_strings.patch Vendor Specific Advisory URL ISS X-Force ID: 5636 CVE-2000-0996