CVE-2000-0048
published 2000-01-12CVE-2000-0048: get_it program in Corel Linux Update allows local users to gain root access by specifying an alternate PATH for the cp program.
PriorityP422high7.2CVSS 2.0
AVLACLAuNCCICAC
EXPLOIT
EPSS
1.61%
72.9th percentile
get_it program in Corel Linux Update allows local users to gain root access by specifying an alternate PATH for the cp program.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| corel | linux | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Microsoft Windows XP/2000 - Internet Protocol Validation Remote Code Execution (2)
exploitdb·2005-04-16
CVE-2005-0048 Microsoft Windows XP/2000 - Internet Protocol Validation Remote Code Execution (2)
Microsoft Windows XP/2000 - Internet Protocol Validation Remote Code Execution (2)
---
// source: https://www.securityfocus.com/bid/13116/info
Microsoft Windows is reported prone to a remote code execution vulnerability. It is reported that the vulnerability manifests when an affected Microsoft platform receives and processes an especially malformed TCP/IP packet.
Reports indicate that the immediate consequences of exploitation of this issue are a denial of service.
/* ecl-winipdos.c - 16/04/05
* Yuri Gushin
* Alex Behar
*
* This one was actually interesting, an off-by-one by our beloved
* M$ :)
*
* When processing an IP packet with an option size (2nd byte after
* the option) of 39, it will crash - since the maximum available
* size is 40 for the whole IP options field, and two are a
Exploit-DB
Microsoft Windows XP/2000 - Internet Protocol Validation Remote Code Execution (1)
exploitdb·2005-04-12
CVE-2005-0048 Microsoft Windows XP/2000 - Internet Protocol Validation Remote Code Execution (1)
Microsoft Windows XP/2000 - Internet Protocol Validation Remote Code Execution (1)
---
source: https://www.securityfocus.com/bid/13116/info
Microsoft Windows is reported prone to a remote code execution vulnerability. It is reported that the vulnerability manifests when an affected Microsoft platform receives and processes an especially malformed TCP/IP packet.
Reports indicate that the immediate consequences of exploitation of this issue are a denial of service.
#!/usr/bin/perl
use strict;
use warnings;
my %opts;
use Getopt::Std;
getopts('t:p:', \%opts);
die("Usage: $0 -t TARGET -p PORT\n") unless $opts{t} && $opts{p};
use Net::Pkt;
$Env->debug(3);
my $frame = Net::Packet::Frame->new(
l3 => Net::Packet::IPv4->new(
dst => $opts{t},
options => "\x03\x27". 'G'x38,
),
l4 => Net::Pack
Exploit-DB
Corel Linux OS 1.0 - get_it PATH
exploitdb·2000-01-12
CVE-2000-0048 Corel Linux OS 1.0 - get_it PATH
Corel Linux OS 1.0 - get_it PATH
---
source: https://www.securityfocus.com/bid/928/info
A component of the "Corel Update" utility distributed with Corel's Linux OS is vulnerable to a local PATH vulnerability. The binary "get_it", which is stored in /usr/X11R6/bin, is setuid root installed by default on all Corel LinuxOS systems (it's part of their .deb package install/update utils). get_it relies on PATH to be valid when it calls 'cp' (without the full path), making it possible to spawn an arbitrary program (called 'cp') with inherited root privs by changing the first searched path to one in which a malicious cp lies. The consequences are immediate local root compromise.
CorelLinux:~$ id
uid=1001(tascon) gid=1001(tascon) groups=1001(tascon)
CorelLinux:~$ cat misu.c
#include
#include
m
No writeups or analysis indexed.
2000-01-12
Published