Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2001-0193Use of Externally-Controlled Format String in Linux

4 documents4 sources
Severity
7.2HIGHNVD
EPSS
0.2%
top 57.26%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Debian LinuxSuse Linux
Timeline
PublishedMay 3
Latest updateApr 30

Description

Format string vulnerability in man in some Linux distributions allows local users to gain privileges via a malformed -l parameter.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages1 packages

NVDsuse/suse_linux6.3, 6.4, 7.0+2

Also affects: Debian Linux 2.2

Patches

Patch: www.debian.orgPatch: www.securityfocus.comPatch: www.debian.org

🔴Vulnerability Details

2
GHSA
GHSA-xgp2-f259-4rjq: Format string vulnerability in man in some Linux distributions allows local users to gain privileges via a malformed -l parameter2022-04-30
CVEList
CVE-2001-0193: Format string vulnerability in man in some Linux distributions allows local users to gain privileges via a malformed -l parameter2001-05-07

💥Exploits & PoCs

1
Exploit-DB
Debian 2.2 / Su.S.E 6.3/6.4/7.0 - man '-l' Format String2001-01-31
CVE-2001-0193 — Debian Linux vulnerability | cvebase