CVE-2000-0864
Published 2000-11-14
Priority: P420, medium, 6.2 (CVSS 2.0)
Vector: AV:L/AC:H/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 0.69% (48.3th percentile)
Race condition in the creation of a Unix domain socket in GNOME esound 0.2.19 and earlier allows a local user to change the permissions of arbitrary files and directories, and gain additional privileges, via a symlink attack.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| gnome | esound | — | — |
CVSS provenance
- nvd: v2.0, 6.2 MEDIUM, AV:L/AC:H/Au:N/C:C/I:C/A:C
- vendor_redhat: 6.2 MEDIUM
GHSA
GHSA-6743-8vvq-693c: Race condition in the creation of a Unix domain socket in GNOME esound 0
ghsa_unreviewed·2022-04-30
CVE-2000-0864 [MEDIUM] CWE-362 GHSA-6743-8vvq-693c: Race condition in the creation of a Unix domain socket in GNOME esound 0
Race condition in the creation of a Unix domain socket in GNOME esound 0.2.19 and earlier allows a local user to change the permissions of arbitrary files and directories, and gain additional privileges, via a symlink attack.
Red Hat
security flaw
vendor_redhat·2000-08-31·CVSS 6.2
CVE-2000-0864 [MEDIUM] security flaw
Race condition in the creation of a Unix domain socket in GNOME esound 0.2.19 and earlier allows a local user to change the permissions of arbitrary files and directories, and gain additional privileges, via a symlink attack.
Statement: This issue was fixed in the following products:
- Red Hat Linux 6.0 - RHSA-2000:077 (2000-10-06)
- Red Hat Linux 6.1 - RHSA-2000:077 (2000-10-06)
- Red Hat Linux 6.2 - RHSA-2000:077 (2000-10-06)
- Red Hat Linux 7.0 - RHSA-2000:077 (2000-10-06)
- Red Hat Linux 7.0j - RHSA-2000:077 (2000-10-06)
No detection rules found.
Exploit-DB
LushiWarPlaner 1.0 - 'register.php' SQL Injection
exploitdb·2007-02-08
CVE-2007-0864 LushiWarPlaner 1.0 - 'register.php' SQL Injection
Exploit-DB
GNOME esound 0.2.19 - Unix Domain Socket Race Condition
exploitdb·2000-08-31
CVE-2000-0864 GNOME esound 0.2.19 - Unix Domain Socket Race Condition
---
source: https://www.securityfocus.com/bid/1659/info
EsounD, part of the GNOME desktop environment, is a server process allowing several applications to share the same sound hardware.
Versions of esound up to and including 0.2.19 create a world-writable directory (/tmp/.esd), which also holds the Unix domain socket used by esound.
The Unix domain socket is also created world-writable. A race condition exists when this socket is created: if an attacker creates a symbolic link in the world-writable /tmp/.esd directory at the right time, the file it points to is changed to a world-writable mode. The target file would have to be owned by the user running esound. This vulnerability may have to do
- http://archives.neohapsis.com/archives/bugtraq/2000-09/0095.html
- http://archives.neohapsis.com/archives/bugtraq/2000-09/0328.htm
- http://archives.neohapsis.com/archives/bugtraq/2000-10/0118.html
- http://archives.neohapsis.com/archives/freebsd/2000-08/0365.html
- http://www.debian.org/security/2000/20001008
- http://www.novell.com/linux/security/advisories/esound_daemon_race_condition.html
- http://www.redhat.com/support/errata/RHSA-2000-077.html
- http://www.securityfocus.com/bid/1659
- https://exchange.xforce.ibmcloud.com/vulnerabilities/5213