Vulnerabilities > CVE-2000-0763 - Unspecified vulnerability in David Bagley Xlock 4.16/4.16.1
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN david-bagley
exploit available
Summary
xlockmore and xlockf do not properly cleanse user-injected format strings, which allows local users to gain root privileges via the -d option.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 2 |
Exploit-Db
description David Bagley xlock 4.16 User Supplied Format String Vulnerability (1). CVE-2000-0763. Local exploit for unix platform id EDB-ID:20153 last seen 2016-02-02 modified 2000-08-15 published 2000-08-15 reporter noir source https://www.exploit-db.com/download/20153/ title David Bagley xlock 4.16 User Supplied Format String Vulnerability 1 description David Bagley xlock 4.16 User Supplied Format String Vulnerability (2). CVE-2000-0763. Local exploit for unix platform id EDB-ID:20154 last seen 2016-02-02 modified 2000-10-21 published 2000-10-21 reporter Ben Williams source https://www.exploit-db.com/download/20154/ title David Bagley xlock 4.16 User Supplied Format String Vulnerability 2
References
- http://www.debian.org/security/2000/20000816
- http://archives.neohapsis.com/archives/freebsd/2000-08/0340.html
- http://www.securityfocus.com/bid/1585
- http://archives.neohapsis.com/archives/bugtraq/2000-08/0212.html
- http://archives.neohapsis.com/archives/bugtraq/2000-08/0294.html
- http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000815231724.A14694%40subterrain.net