Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2000-0322 — Redhat Linux vulnerability

8 documents7 sources

Severity

10.0CRITICALNVD

EPSS

77.8%

top 1.00%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Redhat Linux

Timeline

PublishedApr 24

Latest updateApr 30

Description

The passwd.php3 CGI script in the Red Hat Piranha Virtual Server Package allows local users to execute arbitrary commands via shell metacharacters.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

▶NVDredhat/linux6.2

Patches

Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-cxxx-c74v-hjm6: The passwd↗2022-04-30

▶

CVEList

CVE-2000-0322: The passwd↗2000-10-13

▶

VulnCheck

Red Hat linux Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')↗2000

▶

💥Exploits & PoCs

Exploit-DB

RedHat Piranha Virtual Server Package - 'passwd.php3' Arbitrary Command Execution (Metasploit)↗2010-10-18

▶

Exploit-DB

Microsoft Internet Explorer 4 / Outlook 2000/5.5 - 'MSHTML.dll' Crash↗2001-01-15

▶

📋Vendor Advisories

Red Hat

security flaw↗2000-04-24

▶

💬Community

Bugzilla

CVE-2000-0322 security flaw↗2018-08-16

▶