CVE-2000-0993

BSD libutil - Privilege Escalation

Title source: llm

Description

Format string vulnerability in pw_error function in BSD libutil library allows local users to gain root privileges via a malformed password in commands such as chpass or passwd.

Exploits (1)

exploitdb WORKING POC VERIFIED

by caddis · clocalbsd

https://www.exploit-db.com/exploits/243

View Code ZIP pw:eip

References (6)

[Mailing List] http://marc.info/?l=bugtraq&m=97068555106135&w=2

[Exploit, Patch, Vendor Advisory] http://www.securityfocus.com/bid/1744

[Various Sources] http://www.openbsd.org/errata27.html#pw_error

[Vendor Advisory] ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-015.txt.asc

[Various Sources] ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:58.chpass.asc

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/5339

Scores

EPSS 0.0023

EPSS Percentile 45.7%

Details

Status published

Products (13)

freebsd/freebsd 3.2

freebsd/freebsd 3.3

freebsd/freebsd 3.4

freebsd/freebsd 3.5

freebsd/freebsd 4.0

netbsd/netbsd 1.4

netbsd/netbsd 1.4.1

netbsd/netbsd 1.4.2

openbsd/openbsd 2.3

openbsd/openbsd 2.4

... and 3 more

Published Dec 19, 2000

Tracked Since Feb 18, 2026