Vulnerability Name: CVE-2000-0867 (CCN-5259)
Assigned: 2000-09-18
Published: 2000-09-18
Updated: 2018-05-03
Summary: Kernel logging daemon (klogd) in Linux does not properly cleanse user-injected format strings, which allows local users to gain root privileges by triggering malformed kernel messages.
CVSS v3 Severity: 9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
CVSS v2 Severity: 7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
Vulnerability Type: CWE-Other
Vulnerability Consequences: Gain Access
References:
  Source: CALDERA Type: UNKNOWN CSSA-2000-032.0
  Source: CCN Type: Caldera International, Inc. Security Advisory CSSA-2000-032.0 Security problems in syslogd/klogd
  Source: BUGTRAQ Type: Vendor Advisory 20000917 klogd format bug
  Source: CCN Type: BugTraq Mailing List, Sun Sep 17 2000 - 23:13:53 CDT klogd format bug
  Source: MITRE Type: CNA CVE-2000-0867
  Source: MANDRAKE Type: UNKNOWN MDKSA-2000:050
  Source: BUGTRAQ Type: UNKNOWN 20000918 Conectiva Linux Security Announcement - sysklogd
  Source: CCN Type: RHSA-2000:061-02 sysklogd
  Source: DEBIAN Type: Debian Security Advisory 20000919 sysklogd
  Source: SUSE Type: UNKNOWN 20000920 syslogd + klogd format string parsing error
  Source: OSVDB Type: UNKNOWN 5824
  Source: CCN Type: OSVDB ID: 5824 klogd Malformed Kernel Message Format String
  Source: REDHAT Type: UNKNOWN RHSA-2000:061
  Source: CCN Type: BID-1694 Multiple Linux Vendor klogd Vulnerability
  Source: TURBO Type: UNKNOWN TLSA2000022-2
  Source: CCN Type: MandrakeSoft Security Advisory MDKSA-2000:050 sysklogd
  Source: XF Type: UNKNOWN klogd-format-string(5259)
Vulnerable Configuration: Configuration 1: Configuration CCN 1: Denotes that component is vulnerable