CVE-2000-0867
First published: Tue Nov 14 2000(Updated: )
Kernel logging daemon (klogd) in Linux does not properly cleanse user-injected format strings, which allows local users to gain root privileges by triggering malformed kernel messages.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Trustix Secure Linux | =1.1 | |
| Mandrake Linux | =7.0 | |
| Red Hat Linux | =6.2 | |
| Mandrake Linux | =7.1 | |
| Debian Debian Linux | =2.1 | |
| Red Hat Linux | =5.2 | |
| Mandrake Linux | =6.0 | |
| Slackware Linux | ||
| Mandrake Linux | =6.1 | |
| Debian Debian Linux | =2.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://archives.neohapsis.com/archives/bugtraq/2000-09/0193.html
- http://www.redhat.com/support/errata/RHSA-2000-061.html
- http://frontal2.mandriva.com/security/advisories?name=MDKSA-2000:050
- http://www.turbolinux.com/pipermail/tl-security-announce/2000-September/000023.html
- http://www.novell.com/linux/security/advisories/adv9_draht_syslogd_txt.html
- http://www.osvdb.org/5824
- http://marc.info/?l=bugtraq&m=97726239017741&w=2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/5259
Frequently Asked Questions
What is the severity of CVE-2000-0867?
CVE-2000-0867 is considered a critical vulnerability that allows local users to gain root privileges on affected systems.
How do I fix CVE-2000-0867?
To fix CVE-2000-0867, you should upgrade to the latest patched version of the affected operating systems or apply the available security patches.
Which systems are affected by CVE-2000-0867?
CVE-2000-0867 affects several systems including Trustix Secure Linux 1.1, Mandrake Linux 6.0 to 7.1, Red Hat Linux 5.2 to 6.2, and Debian Linux versions 2.1 and 2.2.
Who is impacted by CVE-2000-0867?
Local users with access to the affected operating systems can exploit CVE-2000-0867 to gain unauthorized root privileges.
What exploit techniques are used in CVE-2000-0867?
CVE-2000-0867 exploits improper cleansing of user-injected format strings in the kernel logging daemon, enabling privilege escalation.
- agent/references
- agent/type
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/weakness
- agent/last-modified-date
- agent/severity
- agent/description
- agent/event
- agent/source
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/softwarecombine
- vendor/trustix
- canonical/trustix secure linux
- version/trustix secure linux/1.1
- vendor/mandrakesoft
- canonical/mandrake linux
- version/mandrake linux/7.0
- vendor/redhat
- canonical/red hat linux
- version/red hat linux/6.2
- version/mandrake linux/7.1
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/2.1
- version/red hat linux/5.2
- version/mandrake linux/6.0
- vendor/slackware
- canonical/slackware linux
- version/mandrake linux/6.1
- version/debian debian linux/2.2