Multiple Vendor BSD libutil pw_error() Format String Vulnerability
|
Bugtraq ID:
|
1744
|
|
Class:
|
Input Validation Error
|
|
CVE:
|
|
|
Remote:
|
No
|
|
Local:
|
Yes
|
|
Published:
|
Oct 04 2000 12:00AM
|
|
Updated:
|
Oct 04 2000 12:00AM
|
|
Credit:
|
Discovered by the OpenBSD team during their June 2000 audit for format string attacks. First published and posted to Bugtraq as OpenBSD advisory on Oct 3, 2000. Exploit submitted by caddis <caddis@dissension.net> on Oct 2, 2000.
|
|
Vulnerable:
|
OpenBSD OpenBSD 2.7
OpenBSD OpenBSD 2.6
OpenBSD OpenBSD 2.5
OpenBSD OpenBSD 2.4
OpenBSD OpenBSD 2.3
NetBSD NetBSD 1.4.2
NetBSD NetBSD 1.4.1
NetBSD NetBSD 1.4
FreeBSD FreeBSD 4.0
FreeBSD FreeBSD 3.5
FreeBSD FreeBSD 3.4
FreeBSD FreeBSD 3.3
FreeBSD FreeBSD 3.2
|
|
|
|
Not Vulnerable:
|
OpenBSD OpenBSD 2.8
FreeBSD FreeBSD 4.1
|
|
