CVE-2000-1013

FreeBSD 5.0 and earlier - Arbitrary File Read via LANG Environmental Variable

Title source: llm
STIX 2.1

Description

The setlocale function in FreeBSD 5.0 and earlier, and possibly other OSes, allows local users to read arbitrary files via the LANG environmental variable.

References (1)

Core 1
Core References
Patch, Vendor Advisory vendor-advisory x_refsource_freebsd
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:53.catopen.asc

Scores

EPSS 0.0005
EPSS Percentile 14.4%

Details

Status published
Products (12)
freebsd/freebsd 3.0
freebsd/freebsd 3.1
freebsd/freebsd 3.2
freebsd/freebsd 3.3
freebsd/freebsd 3.4
freebsd/freebsd 3.5
freebsd/freebsd 3.5.1
freebsd/freebsd 4.0
freebsd/freebsd 4.1
freebsd/freebsd 4.1.1
... and 2 more
Published Dec 11, 2000
Tracked Since Feb 18, 2026