Vulnerability Name:

CVE-2000-0844 (CCN-5176)

Assigned: 2000-09-04
Published: 2000-09-04
Updated: 2018-10-30
Summary: Some functions that implement the locale subsystem on Unix do not properly cleanse user-injected format strings, which allows local attackers to execute arbitrary commands via functions such as gettext and catopen.
CVSS v3 Severity: 9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics: Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Changed
Impact Metrics: Confidentiality (C): High
Integrity (I): High
Availability (A): High
CVSS v2 Severity: 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
7.2 High (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics: Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
Vulnerability Type: CWE-264
Vulnerability Consequences: Gain Privileges
References:
Source: CCN
Type: Caldera International, Inc. Security Advisory CSSA-2000-030.0
serious vulnerability in glibc NLS code

Source: CCN
Type: SGI Security Advisory 20000901-01-A
locale vulnerability

Source: CCN
Type: SGI Security Advisory 20000901-01-P
locale vulnerability

Source: SGI
Type: UNKNOWN
20000901-01-P

Source: CCN
Type: BugTraq Mailing List, Wed Aug 30 2000 - 19:14:23 CDT
glibc unsetenv bug

Source: BUGTRAQ
Type: UNKNOWN
20000902 Conectiva Linux Security Announcement - glibc

Source: CCN
Type: Conectiva Linux Announcement CLSA-2000:313
glibc

Source: BUGTRAQ
Type: Exploit, Patch, Vendor Advisory
20000904 UNIX locale format string vulnerability

Source: CCN
Type: BugTraq Mailing List, Wed Sep 06 2000 - 05:02:35 CDT
[slackware-security]: glibc 2.1.3 vulnerabilities patched

Source: AIXAPAR
Type: UNKNOWN
IY13753

Source: CCN
Type: BugTraq Mailing List, Mon Jun 11 2001 - 21:20:23 CDT
"at" is vulnerable on Solaris 7 and 8

Source: COMPAQ
Type: UNKNOWN
SSRT0689U

Source: MITRE
Type: CNA
CVE-2000-0844

Source: CCN
Type: SuSE Security Announcement, September 6th, 2000
shlibs (glibc-2.0, glibc-2.1)

Source: CCN
Type: RHSA-2000:057-02
glibc vulnerabilities in ld.so, locale and gettext

Source: CCN
Type: TurboLinux Security Announcement TLSA2000021-1
glibc unsetenv and locale

Source: CALDERA
Type: UNKNOWN
CSSA-2000-030.0

Source: CCN
Type: CIAC Information Bulletin L-014
AIX Format String Vulnerability

Source: CCN
Type: Core Security Technologies Advisory CORE-090400
UNIX locale format string vulnerability

Source: DEBIAN
Type: UNKNOWN
20000902 glibc: local root exploit

Source: DEBIAN
Type: Debian Security Advisory 20000902
glibc: local root exploit

Source: SUSE
Type: UNKNOWN
20000906 glibc locale security problem

Source: CCN
Type: OSVDB ID: 13767
Red Hat Linux usermode Package userhelper glibc Security Measure Bypass

Source: CCN
Type: OSVDB ID: 14794
Multiple Unix Vendor locale subsystem Multiple Function Format String

Source: REDHAT
Type: UNKNOWN
RHSA-2000:057

Source: BID
Type: Exploit, Patch, Vendor Advisory
1634

Source: CCN
Type: BID-1634
Multiple Vendor Locale Subsystem Format String Vulnerability

Source: TURBO
Type: UNKNOWN
TLSA2000020-1

Source: XF
Type: UNKNOWN
unix-locale-format-string(5176)

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:caldera:openlinux_ebuilder:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:immunix:immunix:6.2:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:4.0es:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:4.1:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:4.2:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:5.0:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:5.1:*:*:*:*:*:*:*
  • OR cpe:/o:sgi:irix:6.2:*:*:*:*:*:*:*
  • OR cpe:/o:sgi:irix:6.3:*:*:*:*:*:*:*
  • OR cpe:/o:sgi:irix:6.4:*:*:*:*:*:*:*
  • OR cpe:/o:sgi:irix:6.5:*:*:*:*:*:*:*
  • OR cpe:/o:sgi:irix:6.5.1:*:*:*:*:*:*:*
  • OR cpe:/o:sgi:irix:6.5.2m:*:*:*:*:*:*:*
  • OR cpe:/o:sgi:irix:6.5.3:*:*:*:*:*:*:*
  • OR cpe:/o:sgi:irix:6.5.3f:*:*:*:*:*:*:*
  • OR cpe:/o:sgi:irix:6.5.3m:*:*:*:*:*:*:*
  • OR cpe:/o:sgi:irix:6.5.4:*:*:*:*:*:*:*
  • OR cpe:/o:sgi:irix:6.5.6:*:*:*:*:*:*:*
  • OR cpe:/o:sgi:irix:6.5.7:*:*:*:*:*:*:*
  • OR cpe:/o:sgi:irix:6.5.8:*:*:*:*:*:*:*

Configuration 2:
  • cpe:/o:caldera:openlinux:*:*:*:*:*:*:*:*
  • OR cpe:/o:caldera:openlinux_eserver:2.3:*:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:2.0:*:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:2.1:*:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:2.2:*:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:2.3:*:*:*:*:*:*:*
  • OR cpe:/o:ibm:aix:3.2:*:*:*:*:*:*:*
  • OR cpe:/o:ibm:aix:3.2.4:*:*:*:*:*:*:*
  • OR cpe:/o:ibm:aix:3.2.5:*:*:*:*:*:*:*
  • OR cpe:/o:ibm:aix:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:ibm:aix:4.1:*:*:*:*:*:*:*
  • OR cpe:/o:ibm:aix:4.1.1:*:*:*:*:*:*:*
  • OR cpe:/o:ibm:aix:4.1.2:*:*:*:*:*:*:*
  • OR cpe:/o:ibm:aix:4.1.3:*:*:*:*:*:*:*
  • OR cpe:/o:ibm:aix:4.1.4:*:*:*:*:*:*:*
  • OR cpe:/o:ibm:aix:4.1.5:*:*:*:*:*:*:*
  • OR cpe:/o:ibm:aix:4.2:*:*:*:*:*:*:*
  • OR cpe:/o:ibm:aix:4.2.1:*:*:*:*:*:*:*
  • OR cpe:/o:ibm:aix:4.3:*:*:*:*:*:*:*
  • OR cpe:/o:ibm:aix:4.3.1:*:*:*:*:*:*:*
  • OR cpe:/o:ibm:aix:4.3.2:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:7.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:7.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:5.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:5.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:5.2:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:6.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:6.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:6.2:*:*:*:*:*:*:*
  • OR cpe:/o:slackware:slackware_linux:7.0:*:*:*:*:*:*:*
  • OR cpe:/o:slackware:slackware_linux:7.1:*:*:*:*:*:*:*
  • OR cpe:/o:sun:sunos:5.6:*:*:*:*:*:*:*
  • OR cpe:/o:sun:sunos:5.0:*:*:*:*:*:*:*
  • OR cpe:/o:sun:sunos:5.1:*:*:*:*:*:*:*
  • OR cpe:/o:sun:sunos:5.2:*:*:*:*:*:*:*
  • OR cpe:/o:sun:sunos:5.3:*:*:*:*:*:*:*
  • OR cpe:/o:sun:sunos:5.4:*:*:*:*:*:*:*
  • OR cpe:/o:sun:sunos:5.5:*:*:*:*:*:*:*
  • OR cpe:/o:sun:sunos:5.5.1:*:*:*:*:*:*:*
  • OR cpe:/o:sun:sunos:5.7:*:*:*:*:*:*:*
  • OR cpe:/o:sun:sunos:5.8:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:6.1:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:6.2:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:6.3:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:6.4:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:7.0:*:*:*:*:*:*:*
  • OR cpe:/o:trustix:secure_linux:1.0:*:*:*:*:*:*:*
  • OR cpe:/o:trustix:secure_linux:1.1:*:*:*:*:*:*:*
  • OR cpe:/o:turbolinux:turbolinux:6.0:*:*:*:*:*:*:*
  • OR cpe:/o:turbolinux:turbolinux:6.0.1:*:*:*:*:*:*:*
  • OR cpe:/o:turbolinux:turbolinux:6.0.2:*:*:*:*:*:*:*
  • OR cpe:/o:turbolinux:turbolinux:6.0.3:*:*:*:*:*:*:*
  • OR cpe:/o:turbolinux:turbolinux:6.0.4:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/o:sgi:irix:*:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:6.0:*:*:*:*:*:*:*
  • OR cpe:/o:sun:sunos:5.8:*:*:*:*:*:*:*
  • OR cpe:/a:connectiva:linux:-:*:*:*:*:*:*:*
  • OR cpe:/o:sun:sunos:5.7:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    caldera openlinux ebuilder 3.0
    immunix immunix 6.2
    conectiva linux 4.0
    conectiva linux 4.0es
    conectiva linux 4.1
    conectiva linux 4.2
    conectiva linux 5.0
    conectiva linux 5.1
    sgi irix 6.2
    sgi irix 6.3
    sgi irix 6.4
    sgi irix 6.5
    sgi irix 6.5.1
    sgi irix 6.5.2m
    sgi irix 6.5.3
    sgi irix 6.5.3f
    sgi irix 6.5.3m
    sgi irix 6.5.4
    sgi irix 6.5.6
    sgi irix 6.5.7
    sgi irix 6.5.8
    caldera openlinux *
    caldera openlinux eserver 2.3
    debian debian linux 2.0
    debian debian linux 2.1
    debian debian linux 2.2
    debian debian linux 2.3
    ibm aix 3.2
    ibm aix 3.2.4
    ibm aix 3.2.5
    ibm aix 4.0
    ibm aix 4.1
    ibm aix 4.1.1
    ibm aix 4.1.2
    ibm aix 4.1.3
    ibm aix 4.1.4
    ibm aix 4.1.5
    ibm aix 4.2
    ibm aix 4.2.1
    ibm aix 4.3
    ibm aix 4.3.1
    ibm aix 4.3.2
    mandrakesoft mandrake linux 7.0
    mandrakesoft mandrake linux 7.1
    redhat linux 5.0
    redhat linux 5.1
    redhat linux 5.2
    redhat linux 6.0
    redhat linux 6.1
    redhat linux 6.2
    slackware slackware linux 7.0
    slackware slackware linux 7.1
    sun solaris 2.6
    sun sunos 5.0
    sun sunos 5.1
    sun sunos 5.2
    sun sunos 5.3
    sun sunos 5.4
    sun sunos 5.5
    sun sunos 5.5.1
    sun sunos 5.7
    sun sunos 5.8
    suse suse linux 6.1
    suse suse linux 6.2
    suse suse linux 6.3
    suse suse linux 6.4
    suse suse linux 7.0
    trustix secure linux 1.0
    trustix secure linux 1.1
    turbolinux turbolinux 6.0
    turbolinux turbolinux 6.0.1
    turbolinux turbolinux 6.0.2
    turbolinux turbolinux 6.0.3
    turbolinux turbolinux 6.0.4
    sgi irix *
    redhat linux *
    debian debian linux *
    redhat linux 6.0
    sun solaris 8
    connectiva linux -
    sun solaris 7.0