OpenBSD Information for VU#369427

Format string vulnerability in libutil pw_error(3) function



Vendor Statement

From the OpenBSD Security Advisory:

"This vulnerability affects OpenBSD versions through 2.7. FreeBSD 4.0 is vulnerable, but patches have been backported, and FreeBSD versions 4.1 and
4.1.1 are safe. Bill Sommerfield committed a fix to NetBSD today shortly after we notified him of the problem.

OpenBSD users running -current (2.8-beta) with a system dated July 1st or thereafter are safe."

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References



OpenBSD has provided a patch for this vulnerability at: