CVE-2000-0867 — Use of Externally-Controlled Format String in Linux

5 documents5 sources

Severity

7.2HIGHNVD

EPSS

0.1%

top 78.32%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Linux Mandrakesoft Mandrake Linux Redhat Linux +1 more

Timeline

PublishedNov 14

Latest updateMay 3

Description

Kernel logging daemon (klogd) in Linux does not properly cleanse user-injected format strings, which allows local users to gain root privileges by triggering malformed kernel messages.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages3 packages

▶NVDredhat/linux5.2, 6.2+1

▶NVDtrustix/secure_linux1.1

▶NVDmandrakesoft/mandrake_linux4 versions+3

Also affects: Debian Linux 2.1, 2.2

🔴Vulnerability Details

GHSA

GHSA-6723-fv38-7gcj: Kernel logging daemon (klogd) in Linux does not properly cleanse user-injected format strings, which allows local users to gain root privileges by tri↗2022-05-03

▶

CVEList

CVE-2000-0867: Kernel logging daemon (klogd) in Linux does not properly cleanse user-injected format strings, which allows local users to gain root privileges by tri↗2001-01-22

▶

📋Vendor Advisories

Red Hat

security flaw↗2000-09-17

▶

💬Community

Bugzilla

CVE-2000-0867 security flaw↗2018-08-16

▶