Vulnerability Name: | CVE-2000-1207 (CCN-11089) | ||||||||
Assigned: | 2000-09-30 | ||||||||
Published: | 2000-09-30 | ||||||||
Updated: | 2016-10-18 | ||||||||
Summary: | userhelper in the usermode package on Red Hat Linux executes non-setuid programs as root, which does not activate the security measures in glibc and allows the programs to be exploited via format string vulnerabilities in glibc via the LANG or LC_ALL environment variables (CVE-2000-0844). | ||||||||
CVSS v3 Severity: | 9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
| ||||||||
CVSS v2 Severity: | 7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
| ||||||||
Vulnerability Type: | CWE-Other | ||||||||
Vulnerability Consequences: | Gain Privileges | ||||||||
References: | Source: MITRE Type: CNA CVE-2000-1207 Source: BUGTRAQ Type: UNKNOWN 20000930 glibc and userhelper - local root Source: BUGTRAQ Type: UNKNOWN 20001003 SuSE: userhelper/usermode Source: CCN Type: BugTraq Mailing List, 2000-09-30 13:11:53 glibc and userhelper - local root Source: CCN Type: BugTraq Mailing List, 2000-10-03 18:17:21 SuSE: userhelper/usermode Source: CCN Type: RHSA-2000-075 Updated usermode packages available Source: MANDRAKE Type: Vendor Advisory MDKSA-2000:059 Source: REDHAT Type: Patch, Vendor Advisory RHSA-2000:075 Source: CCN Type: MandrakeSoft Security Advisory MDKSA-2000:059 usermode Source: XF Type: UNKNOWN usermode-userhelper-bypass-security(11089) | ||||||||
Vulnerable Configuration: | Configuration 1: Configuration CCN 1: Denotes that component is vulnerable | ||||||||
BACK |