userhelper in the usermode package on Red Hat Linux executes non-setuid programs as root, which does not activate the security measures in glibc and allows the programs to be exploited via format string vulnerabilities in glibc via the LANG or LC_ALL environment variables (CVE-2000-0844).
References
Link | Resource |
---|---|
http://www.redhat.com/support/errata/RHSA-2000-075.html | Patch Vendor Advisory |
http://www.linux-mandrake.com/en/security/2000/MDKSA-2000-059.php3 | Vendor Advisory |
http://marc.info/?l=bugtraq&m=97034397026473&w=2 | |
http://marc.info/?l=bugtraq&m=97063854808796&w=2 |
Configurations
Information
Published : 2000-09-29 21:00
Updated : 2016-10-17 19:09
NVD link : CVE-2000-1207
Mitre link : CVE-2000-1207
JSON object : View
CWE
Products Affected
redhat
- linux