Vulnerability in Caldera OpenLinux
CVE-2000-0844
Some functions that implement the locale subsystem on Unix do not properly cleanse user-injected format strings, which allows local attackers to execute arbitrary commands via functions such as gettext and catopen.
EPSS: 0.153 (96.4th percentile)
Affected products
- Caldera OpenLinux
- Caldera OpenLinux eBuilder — version 3.0
- Caldera OpenLinux eServer — version 2.3
- Conectiva Linux — versions 4.0, 4.0es, 4.1
- IBM AIX — versions 3.2, 3.2.4, 3.2.5
- Immunix — version 6.2
- MandrakeSoft Mandrake Linux — versions 7.0, 7.1
- SGI IRIX — versions 6.2, 6.3, 6.4
- Slackware Linux — versions 7.0, 7.1
- Sun Solaris — version 2.6