CVE-2000-0763 Information

Description

xlockmore and xlockf do not properly cleanse user-injected format strings which allows local users to gain root privileges via the -d option.

Reference

http://archives.neohapsis.com/archives/bugtraq/2000-08/0212.html http://archives.neohapsis.com/archives/bugtraq/2000-08/0294.html http://archives.neohapsis.com/archives/freebsd/2000-08/0340.html http://www.debian.org/security/2000/20000816 http://www.securityfocus.com/bid/1585 http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000815231724.A14694@subterrain.net