CVE-2000-1010
OpenBSD - Remote Code Execution via Format String in talkd Username
Title source: manualDescription
Format string vulnerability in talkd in OpenBSD and possibly other BSD-based OSes allows remote attackers to execute arbitrary commands via a user name that contains format characters.
References (3)
Core 3
Core References
Patch, Vendor Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/1764
Vendor Advisory mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/137890
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/5344
Scores
EPSS
0.0163
EPSS Percentile
82.1%
Details
Status
published
Products (8)
openbsd/openbsd
2.3
openbsd/openbsd
2.4
openbsd/openbsd
2.5
openbsd/openbsd
2.6
openbsd/openbsd
2.7
redhat/linux
5.0
redhat/linux
5.1
redhat/linux
5.2 (3 CPE variants)
Published
Dec 11, 2000
Tracked Since
Feb 18, 2026