← Back

CVE-2000-0993

nvd nist
Published: Dec 19, 2000Modified: Apr 16, 2026

JSON object

Loading...
7.2
Vector
AV:L/AC:L/Au:N/C:C/I:C/A:C
Exploitability: 3.9 / Impact: 10.0
Source: NVD

Description

Format string vulnerability in pw_error function in BSD libutil library allows local users to gain root privileges via a malformed password in commands such as chpass or passwd.

Affected (13)

Freebsd
1 product
Freebsd
Netbsd
1 product
Netbsd
Openbsd
1 product
Openbsd
Configuration A
13 vulnerable
Vulnerable SoftwareAffected Versions
Freebsd
Freebsd
Version 3.2
Freebsd
Version 3.3
Freebsd
Version 3.4
Freebsd
Version 3.5
Freebsd
Version 4.0
Netbsd
Netbsd
Version 1.4.1
Netbsd
Version 1.4.2
Netbsd
Version 1.4
Openbsd
Openbsd
Version 2.3
Openbsd
Version 2.4
Openbsd
Version 2.5
Openbsd
Version 2.6
Openbsd
Version 2.7

References (12)

ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:58.chpass.asc (unsafe URL)
Source: cve@mitre.org
ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-015.txt.asc (unsafe URL)
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
ExploitPatchVendor Advisory
Source: cve@mitre.org
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:58.chpass.asc (unsafe URL)
Source: af854a3a-2127-422b-91ae-364da2661108
ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-015.txt.asc (unsafe URL)
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitPatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.