NetBSD Information for VU#369427
Format string vulnerability in libutil pw_error(3) function
- Vendor Information Help Date Notified: 23 Oct 2000
- Statement Date:
- Date Updated: 27 Oct 2000
NetBSD-1.4.2 and prior releases are vulnerable; the forthcoming 1.4.3 and 1.5 releases will have this problem fixed. We will be issuing an advisory (similar to the OpenBSD advisory) in the next day or two, with a patch included.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.