NetBSD Information for VU#369427

Format string vulnerability in libutil pw_error(3) function



Vendor Statement

NetBSD-1.4.2 and prior releases are vulnerable; the forthcoming 1.4.3 and 1.5 releases will have this problem fixed. We will be issuing an advisory (similar to the OpenBSD advisory) in the next day or two, with a patch included.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References



The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.