CVE-2000-0844

Description

Some functions that implement the locale subsystem on Unix do not properly cleanse user-injected format strings, which allows local attackers to execute arbitrary commands via functions such as gettext and catopen.

Affected products

• caldera / openlinux
• caldera / openlinux_ebuilder3.0 – 3.0
• caldera / openlinux_eserver2.3 – 2.3
• conectiva / linux4.0es – 4.0es
• conectiva / linux5.0 – 5.0
• conectiva / linux5.1 – 5.1
• conectiva / linux4.0 – 4.0
• conectiva / linux4.2 – 4.2
• conectiva / linux4.1 – 4.1
• Debian / debian_linux2.2 – 2.2
• Debian / debian_linux2.3 – 2.3
• Debian / debian_linux2.1 – 2.1
• Debian / debian_linux2.0 – 2.0
• ibm / aix4.1.5 – 4.1.5
• ibm / aix4.2.1 – 4.2.1
• ibm / aix4.3 – 4.3
• ibm / aix4.3.1 – 4.3.1
• ibm / aix4.3.2 – 4.3.2
• ibm / aix3.2.4 – 3.2.4
• ibm / aix3.2.5 – 3.2.5
• ibm / aix4.0 – 4.0
• ibm / aix4.1 – 4.1
• ibm / aix4.1.1 – 4.1.1
• ibm / aix4.1.2 – 4.1.2
• ibm / aix4.1.3 – 4.1.3
• ibm / aix4.1.4 – 4.1.4
• ibm / aix4.2 – 4.2
• ibm / aix3.2 – 3.2
• immunix / immunix6.2 – 6.2
• mandrakesoft / mandrake_linux7.0 – 7.0
• mandrakesoft / mandrake_linux7.1 – 7.1
• RedHat / linux6.0 – 6.0
• RedHat / linux5.2 – 5.2
• RedHat / linux5.1 – 5.1
• RedHat / linux5.0 – 5.0
• RedHat / linux6.2 – 6.2
• RedHat / linux6.1 – 6.1
• sgi / irix6.5.6 – 6.5.6
• sgi / irix6.2 – 6.2
• sgi / irix6.3 – 6.3
• sgi / irix6.4 – 6.4
• sgi / irix6.5 – 6.5
• sgi / irix6.5.1 – 6.5.1
• sgi / irix6.5.2m – 6.5.2m
• sgi / irix6.5.3 – 6.5.3
• sgi / irix6.5.3f – 6.5.3f
• sgi / irix6.5.3m – 6.5.3m
• sgi / irix6.5.4 – 6.5.4
• sgi / irix6.5.7 – 6.5.7
• sgi / irix6.5.8 – 6.5.8
• slackware / slackware_linux7.0 – 7.0
• slackware / slackware_linux7.1 – 7.1
• sun / solaris2.6 – 2.6
• sun / sunos5.0 – 5.0
• sun / sunos5.1 – 5.1
• sun / sunos5.2 – 5.2
• sun / sunos5.3 – 5.3
• sun / sunos5.4 – 5.4
• sun / sunos5.5 – 5.5
• sun / sunos5.5.1 – 5.5.1
• sun / sunos5.7 – 5.7
• sun / sunos5.8 – 5.8
• SUSE / suse_linux6.1 – 6.1
• SUSE / suse_linux6.2 – 6.2
• SUSE / suse_linux6.3 – 6.3
• SUSE / suse_linux6.4 – 6.4
• SUSE / suse_linux7.0 – 7.0
• trustix / secure_linux1.0 – 1.0
• trustix / secure_linux1.1 – 1.1
• turbolinux / turbolinux6.0 – 6.0
• turbolinux / turbolinux6.0.1 – 6.0.1
• turbolinux / turbolinux6.0.2 – 6.0.2
• turbolinux / turbolinux6.0.3 – 6.0.3
• turbolinux / turbolinux6.0.4 – 6.0.4

References

• MISChttp://www.redhat.com/support/errata/RHSA-2000-057.html
• VENDOR_ADVISORYhttp://www.novell.com/linux/security/advisories/adv5_draht_glibc_txt.html
• MISChttp://archives.neohapsis.com/archives/bugtraq/2000-08/0436.html
• MISChttp://archives.neohapsis.com/archives/tru64/2000-q4/0000.html
• MISChttp://www.turbolinux.com/pipermail/tl-security-announce/2000-September/000020.html
• VENDOR_ADVISORYhttp://www.debian.org/security/2000/20000902
• MISChttp://archives.neohapsis.com/archives/bugtraq/2000-08/0457.html
• MISChttp://archives.neohapsis.com/archives/bugtraq/2000-10/0427.html
• MISChttp://www.securityfocus.com/bid/1634
• VENDOR_ADVISORYhttp://www.calderasystems.com/support/security/advisories/CSSA-2000-030.0.txt
• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/5176
• VENDOR_ADVISORYftp://patches.sgi.com/support/free/security/advisories/20000901-01-P