Description
Some functions that implement the locale subsystem on Unix do not properly cleanse user-injected format strings, which allows local attackers to execute arbitrary commands via functions such as gettext and catopen.
Product(s):
- Caldera OpenLinux eBuilder 3.0
- Immunix 6.2
- Caldera OpenLinux
- Caldera OpenLinux eServer 2.3
- Conectiva Conectiva Linux 4.0
- Conectiva Conectiva Linux 4.0es
- Conectiva Conectiva Linux 4.1
- Conectiva Conectiva Linux 4.2
- Conectiva Conectiva Linux 5.0
- Conectiva Conectiva Linux 5.1
- Debian Debian Linux 2.0
- Debian Debian Linux 2.1
- Debian Debian Linux 2.2
- Debian Debian Linux 2.3
- IBM AIX 3.2.4
- IBM AIX 3.2.5
- IBM AIX 3.2
- IBM AIX 4.0
- IBM AIX 4.1.1
- IBM AIX 4.1.2
- IBM AIX 4.1.3
- IBM AIX 4.1.4
- IBM AIX 4.1.5
- IBM AIX 4.1
- IBM AIX 4.2.1
- IBM AIX 4.2
- IBM AIX 4.3.1
- IBM AIX 4.3.2
- IBM AIX 4.3
- MandrakeSoft Mandrake Linux 7.0
- MandrakeSoft Mandrake Linux 7.1
- Red Hat Linux 5.0
- Red Hat Linux 5.1
- Red Hat Linux 5.2
- Red Hat Linux 6.0
- Red Hat Linux 6.1
- Red Hat Linux 6.2
- SGI IRIX 6.2
- SGI IRIX 6.3
- SGI IRIX 6.4
- SGI IRIX 6.5.1
- SGI IRIX 6.5.2m
- SGI IRIX 6.5.3
- SGI IRIX 6.5.3f
- SGI IRIX 6.5.3m
- SGI IRIX 6.5.4
- SGI IRIX 6.5.6
- SGI IRIX 6.5.7
- SGI IRIX 6.5.8
- SGI IRIX 6.5
- Slackware Linux 7.0
- Slackware Linux 7.1
- Sun Solaris 2.6
- Sun Solaris 2.6 HW3
- Sun Solaris 2.6 x86HW3
- Sun Solaris 2.6 HW5
- Sun Solaris 2.6 x86HW5
- Sun Microsystems Solaris 2.0
- Sun Microsystems Solaris 2.1
- Sun Microsystems Solaris 2.2
- Sun Microsystems Solaris 2.3
- Sun Microsystems Solaris 2.4
- Sun Microsystems Solaris 2.5.1
- Sun Microsystems Solaris 2.5
- Sun Microsystems Solaris 7
- Sun SunOS (Solaris 8) 5.8
- SuSE SuSE Linux 6.1
- SuSE SuSE Linux 6.1 alpha
- SuSE SuSE Linux 6.2
- SuSE SuSE Linux 6.3
- SuSE SuSE Linux 6.3 alpha
- SuSE SuSE Linux 6.4
- SuSE SuSE Linux 6.4 alpha
- SuSE SuSE Linux 7.0
- SuSE SuSE Linux 7.0 alpha
- Trustix Trustix Linux 1.0
- Trustix Secure Linux 1.1
- Turbolinux 6.0.1
- Turbolinux 6.0.2
- Turbolinux 6.0.3
- Turbolinux 6.0.4
- Turbolinux 6.0
Questions to Ask Vendors:
- Can you confirm whether your systems are affected by CVE-2000-0844, and if so, what steps are you currently taking to mitigate this vulnerability?
- What is your estimated timeline for fully resolving CVE-2000-0844 in your products or services, and how will you communicate updates on this issue to us as your customer?
Recommended Actions:
- Check out the advisory links provided below.