Multiple Vendor BSD libutil pw_error() Format String Vulnerability

Bugtraq ID: 1744
Class: Input Validation Error
CVE:
Remote: No
Local: Yes
Published: Oct 04 2000 12:00AM
Updated: Oct 04 2000 12:00AM
Credit: Discovered by the OpenBSD team during their June 2000 audit for format string attacks. First published and posted to Bugtraq as OpenBSD advisory on Oct 3, 2000. Exploit submitted by caddis <caddis@dissension.net> on Oct 2, 2000.
Vulnerable: OpenBSD OpenBSD 2.7
OpenBSD OpenBSD 2.6
OpenBSD OpenBSD 2.5
OpenBSD OpenBSD 2.4
OpenBSD OpenBSD 2.3
NetBSD NetBSD 1.4.2
NetBSD NetBSD 1.4.1
NetBSD NetBSD 1.4
FreeBSD FreeBSD 4.0
FreeBSD FreeBSD 3.5
FreeBSD FreeBSD 3.4
FreeBSD FreeBSD 3.3
FreeBSD FreeBSD 3.2
Not Vulnerable: OpenBSD OpenBSD 2.8
FreeBSD FreeBSD 4.1


 

Privacy Statement
Copyright 2010, SecurityFocus