CVE-2000-1127 – HP-UX 10.20 - registrar Local Arbitrary File Read
https://notcve.org/view.php?id=CVE-2000-1127
registrar in the HP resource monitor service allows local users to read and modify arbitrary files by renaming the original registrar.log log file and creating a symbolic link to the target file, to which registrar appends log information and sets the permissions to be world readable. • https://www.exploit-db.com/exploits/20386 http://www.securityfocus.com/archive/1/143845 http://www.securityfocus.com/bid/1919 •
CVE-2000-1134 – UUCP - File Creation/Overwriting Symlinks
https://notcve.org/view.php?id=CVE-2000-1134
Multiple shell programs on various Unix systems, including (1) tcsh, (2) csh, (3) sh, and (4) bash, follow symlinks when processing << redirects (aka here-documents or in-here documents), which allows local users to overwrite files of other users via a symlink attack. • https://www.exploit-db.com/exploits/217 https://www.exploit-db.com/exploits/20436 ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:76.tcsh-csh.asc ftp://patches.sgi.com/support/free/security/advisories/20011103-02-P http://archives.neohapsis.com/archives/bugtraq/2000-10/0418.html http://archives.neohapsis.com/archives/tru64/2002-q1/0009.html http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000350 http://distro.conectiva.com.br/atualizacoes/?id=a& •
CVE-2000-0972 – HP-UX 11.00/10.20 crontab - Overwrite Files
https://notcve.org/view.php?id=CVE-2000-0972
HP-UX 11.00 crontab allows local users to read arbitrary files via the -e option by creating a symlink to the target file during the crontab session, quitting the session, and reading the error messages that crontab generates. • https://www.exploit-db.com/exploits/195 https://www.exploit-db.com/exploits/20329 http://archives.neohapsis.com/archives/bugtraq/2000-10/0317.html https://exchange.xforce.ibmcloud.com/vulnerabilities/5410 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2000-1126
https://notcve.org/view.php?id=CVE-2000-1126
Vulnerability in auto_parms and set_parms in HP-UX 11.00 and earlier allows remote attackers to execute arbitrary commands or cause a denial of service. • http://www.securityfocus.com/advisories/2850 http://www.securityfocus.com/bid/1954 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5655 •
CVE-2000-1031
https://notcve.org/view.php?id=CVE-2000-1031
Buffer overflow in dtterm in HP-UX 11.0 and HP Tru64 UNIX 4.0f through 5.1a allows local users to execute arbitrary code via a long -tn option. • http://archives.neohapsis.com/archives/fulldisclosure/2002-q3/1203.html http://archives.neohapsis.com/archives/hp/2000-q4/0034.html http://wwss1pro.compaq.com/support/reference_library/viewdocument.asp?source=SRB0039W.xml&dt=11 http://www.kb.cert.org/vuls/id/320067 http://www.securityfocus.com/archive/1/290115 http://www.securityfocus.com/archive/1/75188 http://www.securityfocus.com/bid/1889 https://exchange.xforce.ibmcloud.com/vulnerabilities/5461 •