CVE-2000-0865
Published 2000-11-14
CVE-2000-0865: Buffer overflow in dvtermtype in Tridia Double Vision 3.07.00 allows local users to gain root privileges via a long terminal type argument.
Priority: P4 23 | high | 7.2 | CVSS 2.0
AV:L/AC:L/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 1.06% (60.3th percentile)
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| tridia | doublevision | — | — |
No detection rules found.
Exploit-DB
LushiNews 1.01 - 'comments.php' SQL Injection
exploitdb·2007-02-08
CVE-2007-0865 LushiNews 1.01 - 'comments.php' SQL Injection
---
exploit2.asp
'[Update: + Get Header
'[Update: + Get Whois Info
'===============================================================================================
%>
function functionControl1(){
setTimeout("functionControl2()",2000);
}
function functionControl2(){
if(document.form1.field1.value==""){
alert("[Exploit Failed]=>The Username and Password Didnt Take,Try Again");
}
}
function writetext() {
if(document.form1.field1.value==""){
document.getElementById('htmlAlani').innerHTML='There is a problem... The Data Didn\'t Take '
}
}
function write(){
setTimeout("writetext()",1000);
}
TARGET:Example:[http://x.com/path]
USER ID:Example:[User ID=1]
There is a problem! Please complete to the whole spaces"
End If
If islem =
Exploit-DB
Tridia DoubleVision 3.0 7.00 - Local Privilege Escalation
exploitdb·2000-06-24
CVE-2000-0865 Tridia DoubleVision 3.0 7.00 - Local Privilege Escalation
---
// source: https://www.securityfocus.com/bid/1697/info
A utility integral to Tridia DoubleVision for SCO UnixWare 7.x has been found to be vulnerable to a buffer overflow attack.
dvtermtype, which is setuid root, is run by a user at login time to tell DoubleVision what terminal translations to use. The command line parameters are as follows:
$ dvtermtype termtype devicename
If a malicious user constructs a long termtype string and executes dvtermtype, dvtermtype will overflow its stack. This can lead to a root compromise.
Tridia has different release schedules for each UNIX platform it supports. It is unclear what other UNIX builds of DoubleVision are vulnerable.
/*
* dvexploit.c
*
* written by : Stephen J. Friedl
* Software
No writeups or analysis indexed.
http://archives.neohapsis.com/archives/bugtraq/2000-09/0185.html
http://www.securityfocus.com/bid/1697
https://exchange.xforce.ibmcloud.com/vulnerabilities/5261
Published: 2000-11-14