CVE-2000-0935
published 2000-12-19CVE-2000-0935: Samba Web Administration Tool (SWAT) in Samba 2.0.7 allows local users to overwrite arbitrary files via a symlink attack on the cgi.log file.
PriorityP419high7.2CVSS 2.0
AVLACLAuNCCICAC
EXPLOIT
EPSS
1.29%
66.6th percentile
Samba Web Administration Tool (SWAT) in Samba 2.0.7 allows local users to overwrite arbitrary files via a symlink attack on the cgi.log file.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| samba | samba | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Microsoft Internet Explorer - 'javaprxy.dll' COM Object Remote Overflow
exploitdb·2005-07-05
CVE-2005-2087 Microsoft Internet Explorer - 'javaprxy.dll' COM Object Remote Overflow
Microsoft Internet Explorer - 'javaprxy.dll' COM Object Remote Overflow
---
# Bindshell on port 28876 - Based on Berend-Jan Wever's IE exploit
# 01 July 2005
#
# Description - http://www.frsirt.com/english/advisories/2005/0935
# Workarounds - http://www.microsoft.com/technet/security/advisory/903144.mspx
# sec-consult - http://www.sec-consult.com/184.html
#
# Solution :
# Set Internet and Local intranet security zone settings to "High" or use
# another browser until a patch is released.
#
# Tested on :
# Internet Explorer 6 on Microsoft Windows XP SP2
# Internet Explorer 6 on Microsoft Windows XP SP1
#
# Affected versions :
# Internet Explorer 5.01 Service Pack 3 on Microsoft Windows 2000 Service Pack 3
# Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4
# I
Exploit-DB
Samba 2.0.7 - SWAT Symlink (1)
exploitdb·2000-11-01
CVE-2000-0935 Samba 2.0.7 - SWAT Symlink (1)
Samba 2.0.7 - SWAT Symlink (1)
---
// source: https://www.securityfocus.com/bid/1872/info
The Samba software suite is a collection of programs that implements the SMB protocol for unix systems, allowing you to serve files and printers to Windows, NT, OS/2 and DOS clients. This protocol is sometimes also referred to as the LanManager or Netbios protocol. Samba ships with a utility titled SWAT (Samba Web Administration Tool) which is used for remote administration of the Samba server and is by default set to run from inetd as root on port 701. Certain versions of this software ship with a vulnerability local users can use to leverage root access.
This problem in particular is a symlink problem where user can take advantage of poor programming in SWAT's logging facilities (which are not e
Exploit-DB
Samba 2.0.7 - SWAT Symlink (2)
exploitdb·2000-11-01
CVE-2000-0935 Samba 2.0.7 - SWAT Symlink (2)
Samba 2.0.7 - SWAT Symlink (2)
---
source: https://www.securityfocus.com/bid/1872/info
The Samba software suite is a collection of programs that implements the SMB protocol for unix systems, allowing you to serve files and printers to Windows, NT, OS/2 and DOS clients. This protocol is sometimes also referred to as the LanManager or Netbios protocol. Samba ships with a utility titled SWAT (Samba Web Administration Tool) which is used for remote administration of the Samba server and is by default set to run from inetd as root on port 701. Certain versions of this software ship with a vulnerability local users can use to leverage root access.
This problem in particular is a symlink problem where user can take advantage of poor programming in SWAT's logging facilities (which are not enab
No writeups or analysis indexed.
http://archives.neohapsis.com/archives/bugtraq/2000-10/0430.htmlhttp://www.securityfocus.com/bid/1872https://exchange.xforce.ibmcloud.com/vulnerabilities/5443http://archives.neohapsis.com/archives/bugtraq/2000-10/0430.htmlhttp://www.securityfocus.com/bid/1872https://exchange.xforce.ibmcloud.com/vulnerabilities/5443
2000-12-19
Published