CVE-2000-0702
Published 2000-10-20
Priority P4 · 21 · high · 7.2 · CVSS 2.0
AV:L/AC:L/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 1.15% (62.9th percentile)
The net.init rc script in HP-UX 11.00 (S008net.init) allows local users to overwrite arbitrary files via a symlink attack that points from /tmp/stcp.conf to the targeted file.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| chrome_chrome | — | — | |
| hp | hp-ux | — | — |
GHSA
GHSA-225c-mv8x-h9xj: The net
ghsa_unreviewed·2022-04-30
CVE-2000-0702 [HIGH] GHSA-225c-mv8x-h9xj: The net
The net.init rc script in HP-UX 11.00 (S008net.init) allows local users to overwrite arbitrary files via a symlink attack that points from /tmp/stcp.conf to the targeted file.
Chrome
Stable Channel Update for Desktop: CVE-2023-0702
vendor_chrome·2023-02-07·CVSS 8.8
CVE-2023-0702 [MEDIUM] Stable Channel Update for Desktop: CVE-2023-0702
Stable Channel Update for Desktop
CVE-2023-0702: Type Confusion in Data Transfer. Reported by Sri on 2022-04-14
[$1000][1405574] Medium CVE-2023-0703: Type Confusion in DevTools. Reported by raven at KunLun lab on 2023-01-07
[$2000][1385982] Low CVE-2023-0704: Insufficient policy enforcement in DevTools
Severity: medium
No detection rules found.
Exploit-DB
HP-UX 11.0 - net.init RC Script
exploitdb·2000-08-22
CVE-2000-0702 HP-UX 11.0 - net.init RC Script
---
source: https://www.securityfocus.com/bid/1602/info
A vulnerability exists in HP-UX, from Hewlett Packard, under certain configurations. Version 11.0 is confirmed to have this problem; other versions may also be susceptible. If the CLEAR_TMP option in /etc/rc.config.d is set to 1, meaning enabled, it is possible for a local user to create a symbolic link in /tmp that will be followed prior to being removed. This will allow the local user to overwrite any file upon reboot.
The /sbin/rc2.d/S008net.init and /sbin/rc2.d/S204clean_tmps files are run upon reboot. net.init is run first (lower-numbered S scripts are run first). In the net.init file, a temporary file, /tmp/stcp.conf, is used. This file is blindly written to, and is removed by the clean
Exploit-DB
Microsoft Internet Explorer 4.0.1/5 - Import/Export Favorites
exploitdb·1999-09-10
CVE-1999-0702 Microsoft Internet Explorer 4.0.1/5 - Import/Export Favorites
---
Microsoft Internet Explorer 4.0.1 for Windows 98/Windows NT 4.0, Microsoft Internet Explorer 5.0 for Windows 2000/Windows 95/Windows 98/Windows NT 4 Import/Export Favorites Vulnerability
source: https://www.securityfocus.com/bid/627/info
The ImportExportFavorites() method, used to import and export favorites to/from a file in IE5, can be made to write to any file on the system, in some cases from an email or remote webpage.
This will create a file in the root of C: containing the user's favorites.
window.external.ImportExportFavorites(0,"c:\\fav.hta");
No writeups or analysis indexed.
http://archives.neohapsis.com/archives/bugtraq/2000-08/0261.html
http://www.securityfocus.com/bid/1602
https://exchange.xforce.ibmcloud.com/vulnerabilities/5131