{"vuid":"VU#369427","idnumber":"369427","name":"Format string vulnerability in libutil pw_error(3) function","keywords":["OpenBSD","FreeBSD","*BSD","libutil","pw_error()","chpass","format string"],"overview":"There is an input validation vulnerability in the OpenBSD libutil system library that allows local users to gain superuser access via the chpass utility.","clean_desc":"On June 30, 2000, the OpenBSD development team repaired an input validation vulnerability in the pw_error function of the OpenBSD 2.7 libutil library. It was later discovered that when this function is called by the setuid program /usr/bin/chpass on unpatched systems, it is possible for users to obtain superuser access.","impact":"Attackers with an account on affected systems can obtain superuser access via the chpass utility.","resolution":"Apply a patch from your vendor. See the vendors section of this document for further information from your vendor.","workarounds":"The CERT/CC recommends that vulnerable users protect their systems by removing the SUID bit on chpass.","sysaffected":"","thanks":"","author":"This document was written by Jeffrey P. Lanza.","public":["http://www.securityfocus.com/bid/1744","http://www.openbsd.org/errata.html (025)","ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.7/common/025_pw_error.patch"],"cveids":["CVE-2000-0993"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2000-10-13T21:39:12Z","publicdate":"2000-10-03T00:00:00Z","datefirstpublished":"2000-11-07T22:18:58Z","dateupdated":"2001-03-30T00:27:59Z","revision":9,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"15","cam_exploitation":"12","cam_internetinfrastructure":"4","cam_population":"12","cam_impact":"20","cam_easeofexploitation":"8","cam_attackeraccessrequired":"10","cam_scorecurrent":"11.16","cam_scorecurrentwidelyknown":"12.96","cam_scorecurrentwidelyknownexploited":"15.84","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":11.16,"vulnote":null}