CVE-2000-1207
Summary
| CVE | CVE-2000-1207 |
|---|---|
| State | PUBLISHED |
| Assigner | mitre |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2000-09-30 04:00:00 UTC |
| Updated | 2025-04-03 01:03:51 UTC |
| Description | userhelper in the usermode package on Red Hat Linux executes non-setuid programs as root, which does not activate the security measures in glibc and allows the programs to be exploited via format string vulnerabilities in glibc via the LANG or LC_ALL environment variables (CVE-2000-0844). |
Risk And Classification
Primary CVSS: v2.0 7.2 from [email protected]
AV:L/AC:L/Au:N/C:C/I:C/A:C
Problem Types: NVD-CWE-Other | n/a
CVSS v2.0 Breakdown
Access Vector
LocalAccess Complexity
LowAuthentication
NoneConfidentiality
CompleteIntegrity
CompleteAvailability
CompleteAV:L/AC:L/Au:N/C:C/I:C/A:C
NVD Known Affected Configurations (CPE 2.3)
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| redhat.com | Red Hat Support | af854a3a-2127-422b-91ae-364da2661108 | www.redhat.com | Patch, Vendor Advisory |
| marc.info | af854a3a-2127-422b-91ae-364da2661108 | marc.info | |
| 'glibc and userhelper - local root' - MARC | af854a3a-2127-422b-91ae-364da2661108 | marc.info | |
| www.linux-mandrake.com/en/security/2000/MDKSA-2000-059.php3 | af854a3a-2127-422b-91ae-364da2661108 | www.linux-mandrake.com | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.