CVE-2000-1043Use of Externally-Controlled Format String in Mandrake Linux

6 documents5 sources
Severity
10.0CRITICALNVD
EPSS
0.5%
top 35.81%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Mandrakesoft Mandrake Linux
Timeline
PublishedDec 11
Latest updateApr 30

Description

Format string vulnerability in ypserv in Mandrake Linux 7.1 and earlier, and possibly other Linux operating systems, allows an attacker to gain root privileges when ypserv is built without a vsyslog() function.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

NVDmandrakesoft/mandrake_linux6.1, 7.0, 7.1+2

Patches

Patch: www.linux-mandrake.comPatch: www.linux-mandrake.com

🔴Vulnerability Details

2
GHSA
GHSA-2vq2-p76v-j88p: Format string vulnerability in ypserv in Mandrake Linux 72022-04-30
CVEList
CVE-2000-1043: Format string vulnerability in ypserv in Mandrake Linux 72001-01-22

💥Exploits & PoCs

1
Exploit-DB
Microsoft Windows Server 2000/95/98/ME/NT 3.5.x/Enterprise Server 4.0/Terminal Server 4.0/Workstation 4.0 Microsoft DoS Device Name - Denial of Service2000-03-04

🔍Detection Rules

2
Suricata
GPL RPC portmap ypserv request UDP2010-09-23
Suricata
GPL RPC portmap ypserv request TCP2010-09-23
CVE-2000-1043 — Mandrake Linux vulnerability | cvebase