Info

Disclosure

Oct 04, 2000

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

OpenBSD contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered due to a flaw in the yp_passwd program, which could allow a malicious user to supply a malformed name to the printf() function. This flaw may lead to a loss of integrity.

Classification

Location: Local Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Unknown
Disclosure: OSVDB Verified

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, OpenBSD has released a patch to address this vulnerability.

Products

OpenBSD

2.7

References

CVE ID: 2000-0995 (see also: NVD)
ISS X-Force ID: 5635
Vendor Specific Solution URL: ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.7/common/028_format_strings.patch
Vendor Specific Advisory URL: http://www.openbsd.com/errata27.html#format_strings

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/36218