CVSS: 7.2EPSS: 0%CPEs: 13EXPL: 2CVE-2000-0993 – BSD chpass - 'pw_error' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2000-0993
Format string vulnerability in pw_error function in BSD libutil library allows local users to gain root privileges via a malformed password in commands such as chpass or passwd. • https://www.exploit-db.com/exploits/243 ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:58.chpass.asc ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-015.txt.asc http://marc.info/?l=bugtraq&m=97068555106135&w=2 http://www.openbsd.org/errata27.html#pw_error http://www.securityfocus.com/bid/1744 https://exchange.xforce.ibmcloud.com/vulnerabilities/5339 •
CVSS: 7.2EPSS: 0%CPEs: 12EXPL: 0CVE-2000-1011
https://notcve.org/view.php?id=CVE-2000-1011
Buffer overflow in catopen() function in FreeBSD 5.0 and earlier, and possibly other OSes, allows local users to gain root privileges via a long environmental variable. • ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:53.catopen.asc http://www.osvdb.org/6070 https://exchange.xforce.ibmcloud.com/vulnerabilities/5638 •
CVSS: 7.2EPSS: 0%CPEs: 12EXPL: 0CVE-2000-1013
https://notcve.org/view.php?id=CVE-2000-1013
The setlocale function in FreeBSD 5.0 and earlier, and possibly other OSes, allows local users to read arbitrary files via the LANG environmental variable. • ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:53.catopen.asc •
CVSS: 5.0EPSS: 0%CPEs: 5EXPL: 0CVE-2000-1066
https://notcve.org/view.php?id=CVE-2000-1066
The getnameinfo function in FreeBSD 4.1.1 and earlier, and possibly other operating systems, allows a remote attacker to cause a denial of service via a long DNS hostname. • ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:63.getnameinfo.asc http://www.securityfocus.com/bid/1894 https://exchange.xforce.ibmcloud.com/vulnerabilities/5454 •
CVSS: 7.2EPSS: 0%CPEs: 9EXPL: 2CVE-2000-0998 – FreeBSD 3.5/4.x - '/usr/bin/top' Format String
https://notcve.org/view.php?id=CVE-2000-0998
Format string vulnerability in top program allows local attackers to gain root privileges via the "kill" or "renice" function. • https://www.exploit-db.com/exploits/20377 https://www.exploit-db.com/exploits/20378 ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:62.top.v1.1.asc ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.7/common/028_format_strings.patch http://www.securityfocus.com/bid/1895 •