CVE-2000-0998
Published 2000-12-11
CVE-2000-0998: Format string vulnerability in top program allows local attackers to gain root privileges via the "kill" or "renice" function.
Priority: P425
Severity: high, 7.2 (CVSS 2.0), vector AV:L/AC:L/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 0.88% (54.6th percentile)
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| freebsd | freebsd | — | — |
| freebsd | freebsd | — | — |
| freebsd | freebsd | — | — |
| freebsd | freebsd | — | — |
| freebsd | freebsd | — | — |
No detection rules found.
Exploit-DB
Debian top - Format String
exploitdb·2004-12-12
---
source: https://www.securityfocus.com/bid/1895/info
top is a program used to display system usage statistics in real time, written by GroupSys Consulting but shipped by default as a core component with many operating systems. On BSD systems, top is installed setgid kmem so that it may read process information from kernel memory if executed by a user who does not have that privilege.
top contains a format-string vulnerability that may lead to a compromise of effective group ID kmem on BSD systems (or similar privileges on other systems). The problem occurs in the printing of error messages to a user's terminal. A string partially composed of user input (the error message) is passed to a printf() function as the format string argument, allowing malicious format
Exploit-DB
FreeBSD 3.5/4.x - '/usr/bin/top' Format String
exploitdb·2000-11-01
---
/*
source: https://www.securityfocus.com/bid/1895/info
top is a program used to display system usage statistics in real time, written by GroupSys Consulting but shipped by default as a core component with many operating systems. On BSD systems, top is installed setgid kmem so that it may read process information from kernel memory if executed by a user who does not have that privilege.
top contains a format-string vulnerability that may lead to a compromise of effective group ID kmem on BSD systems (or similar privileges on other systems). The problem occurs in the printing of error messages to a user's terminal. A string partially composed of user input (the error message) is passed to a printf() function as the format string argument, al
No writeups or analysis indexed.
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:62.top.v1.1.asc
ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.7/common/028_format_strings.patch
http://www.securityfocus.com/bid/1895
Published: 2000-12-11