CVE-2000-0972

HP-UX 11.00 crontab allows local users to read arbitrary files via the -e option by creating a symlink to the target file during the crontab session, quitting the session, and reading the error messages that crontab generates.
References
Configurations

Configuration 1 (hide)

cpe:2.3:o:hp:hp-ux:11.00:*:*:*:*:*:*:*

History

20 Nov 2024, 23:33

Type Values Removed Values Added
References () http://archives.neohapsis.com/archives/bugtraq/2000-10/0317.html - Broken Link, Exploit, Vendor Advisory () http://archives.neohapsis.com/archives/bugtraq/2000-10/0317.html - Broken Link, Exploit, Vendor Advisory
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/5410 - Third Party Advisory, VDB Entry () https://exchange.xforce.ibmcloud.com/vulnerabilities/5410 - Third Party Advisory, VDB Entry

26 Jan 2024, 16:56

Type Values Removed Values Added
CVSS v2 : 2.1
v3 : unknown
v2 : 2.1
v3 : 5.5
References (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/5410 - (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/5410 - Third Party Advisory, VDB Entry
References (BUGTRAQ) http://archives.neohapsis.com/archives/bugtraq/2000-10/0317.html - Exploit, Vendor Advisory (BUGTRAQ) http://archives.neohapsis.com/archives/bugtraq/2000-10/0317.html - Broken Link, Exploit, Vendor Advisory
CWE NVD-CWE-Other CWE-59
CPE cpe:2.3:o:hp:hp-ux:10.20:*:*:*:*:*:*:*

Information

Published : 2000-12-19 05:00

Updated : 2024-11-20 23:33


NVD link : CVE-2000-0972

Mitre link : CVE-2000-0972

CVE.ORG link : CVE-2000-0972


JSON object : View

Products Affected

hp

  • hp-ux
CWE
CWE-59

Improper Link Resolution Before File Access ('Link Following')