CVE-2000-1026
Published 2000-12-11
CVE-2000-1026: Multiple buffer overflows in LBNL tcpdump allow remote attackers to execute arbitrary commands.
Priority: P339 · critical · 10 · CVSS 2.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 5.98% (92.4th percentile)
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| lbl | tcpdump | — | — |
| lbl | tcpdump | — | — |
| lbl | tcpdump | — | — |
| lbl | tcpdump | — | — |
| lbl | tcpdump | — | — |
CVSS provenance
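| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C |
| vendor_redhat | — | 10.0 | CRITICAL | — |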
GHSA
GHSA-gpx8-x27w-5h72: Multiple buffer overflows in LBNL tcpdump allow remote attackers to execute arbitrary commands
ghsa_unreviewed·2022-05-03
CVE-2000-1026 [HIGH] GHSA-gpx8-x27w-5h72: Multiple buffer overflows in LBNL tcpdump allow remote attackers to execute arbitrary commands
Multiple buffer overflows in LBNL tcpdump allow remote attackers to execute arbitrary commands.
GHSA
GHSA-798q-jpvf-xqwg: Buffer overflow in print-rx
ghsa_unreviewed·2022-05-03·CVSS 10.0
CVE-2001-1279 [CRITICAL] GHSA-798q-jpvf-xqwg: Buffer overflow in print-rx
Buffer overflow in print-rx.c of tcpdump 3.x (probably 3.6x) allows remote attackers to cause a denial of service and possibly execute arbitrary code via AFS RPC packets with invalid lengths that trigger an integer signedness error, a different vulnerability than CVE-2000-1026.
Red Hat
security flaw
vendor_redhat·2001-07-09·CVSS 10.0
CVE-2001-1279 [CRITICAL] security flaw
Buffer overflow in print-rx.c of tcpdump 3.x (probably 3.6x) allows remote attackers to cause a denial of service and possibly execute arbitrary code via AFS RPC packets with invalid lengths that trigger an integer signedness error, a different vulnerability than CVE-2000-1026.
No detection rules found.
Exploit-DB
tcpdump 3.4/3.5 - AFS ACL Packet Buffer Overflow
exploitdb·2001-01-02
CVE-2000-1026 tcpdump 3.4/3.5 - AFS ACL Packet Buffer Overflow
---
/*
source: https://www.securityfocus.com/bid/1870/info
tcpdump is a popular network monitoring tool used for watching network traffic written by the Lawrence Berkeley Laboratory. It must at least begin execution as root since it opens and reads from the link layer interface (through pcap). It is usually run directly by/as root.
tcpdump is vulnerable to a remotely exploitable buffer overflow in its parsing of AFS ACL packets. This is likely the result of the AFS packet fields received over a network interface being copied into memory buffers of predefined length without checks for size. The excessive data could be used to overwrite stack variables if constructed correctly and allow the attacker (who would have sent the custom ACL pac
Exploit-DB
The ht://Dig Group ht://Dig 3.1.1/3.1.2/3.1.3/3.1.4/3.2 .0b1 - Arbitrary File Inclusion
exploitdb·2000-02-29
CVE-2000-0208 The ht://Dig Group ht://Dig 3.1.1/3.1.2/3.1.3/3.1.4/3.2 .0b1 - Arbitrary File Inclusion
---
source: https://www.securityfocus.com/bid/1026/info
ht://dig is a web content search engine for Unix platforms. The software is set up to allow for file inclusion from configuration files. Any string surrounded by the opening single quote character ( ` ) is taken as a path to a file for inclusion, for example:
some_parameter: `var/htdig/some_file`
htdig will also allow included files to be specified via form input. Therefore, any file can be specified for inclusion into a variable by any web user.
The URL:
http ://target/cgi-bin/htsearch?Exclude=%60/etc/passwd%60
will return a page with the contents of /etc/passwd in the 'exclude' field.
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:61.tcpdump.v1.1.asc
http://archives.neohapsis.com/archives/linux/suse/2000-q4/0681.html
http://www.securityfocus.com/bid/1870
https://exchange.xforce.ibmcloud.com/vulnerabilities/5480