CVE-2000-0739
published 2000-10-20CVE-2000-0739: Directory traversal vulnerability in strong.exe program in NAI Net Tools PKI server 1.0 before HotFix 3 allows remote attackers to read arbitrary files via a…
PriorityP425medium5CVSS 2.0
AVNACLAuNCNIPAN
EXPLOIT
EPSS
2.87%
85.0th percentile
Directory traversal vulnerability in strong.exe program in NAI Net Tools PKI server 1.0 before HotFix 3 allows remote attackers to read arbitrary files via a .. (dot dot) attack in an HTTPS request to the enrollment server.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| network_associates | net_tools_pki_server | — | — |
| network_associates | net_tools_pki_server | — | — |
| network_associates | net_tools_pki_server | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Ethereal 0.10.9 (Windows) - '3G-A11' Remote Buffer Overflow
exploitdb·2005-03-12
CVE-2005-0739 Ethereal 0.10.9 (Windows) - '3G-A11' Remote Buffer Overflow
Ethereal 0.10.9 (Windows) - '3G-A11' Remote Buffer Overflow
---
/*
*
* Ethereal IAPP remote buffer overflow #2 PoC exploit
* ---------------------------------------------------
* To test this vulnerability on windows, try to send 3-10 packets
* that will trigger the crash, and scroll between captured packets
* in Ethereal.
*
* Coded by Leon Juranic
* LSS Security
*
*/
#include
#include
#pragma comment (lib,"ws2_32")
#define IAPP_PDU_SSID 0
typedef struct _e_iapphdr {
unsigned char ia_version;
unsigned char ia_type;
} e_iapphdr;
typedef struct _e_pduhdr {
unsigned char pdu_type;
unsigned char pdu_len_h;
unsigned char pdu_len_l;
} e_pduhdr;
void xp_sendpacket (char *pack)
{
WORD wVersionRequested;
WSADATA wsaData;
int err;
int sock,i;
struct sockaddr_in sin;
unsigned char buf[2000]
Exploit-DB
nai net tools pki server 1.0 - Directory Traversal
exploitdb·2000-08-02
CVE-2000-0739 nai net tools pki server 1.0 - Directory Traversal
nai net tools pki server 1.0 - Directory Traversal
---
source: https://www.securityfocus.com/bid/1537/info
Certain versions of Network Associates Inc.'s Net Tools PKI (Public Key Infrastructure) server ship with a vulnerability which allows remote attackers to read any file in the system which the PKI server resides. The problem lies within the webserver component of the PKI server (strong.exe) which operates several 'virtual servers' required to operate the PKI server. The first is the Administrative Web Server which listens via TCP port 443, the second is Enrollment Web Server which listens on TCP port 444. Unlike the Administrative Web Server the Enrollment Web Server does not require credentials to be exchanged before a user can talk to the webserver. It is via this virtual server t
No writeups or analysis indexed.
http://archives.neohapsis.com/archives/bugtraq/2000-07/0473.htmlhttp://download.nai.com/products/licensed/pgp/hf3pki10.txthttp://www.osvdb.org/1489http://www.securityfocus.com/bid/1537https://exchange.xforce.ibmcloud.com/vulnerabilities/5066http://archives.neohapsis.com/archives/bugtraq/2000-07/0473.htmlhttp://download.nai.com/products/licensed/pgp/hf3pki10.txthttp://www.osvdb.org/1489http://www.securityfocus.com/bid/1537https://exchange.xforce.ibmcloud.com/vulnerabilities/5066
2000-10-20
Published