CVE-2000-1127
published 2001-01-09CVE-2000-1127: registrar in the HP resource monitor service allows local users to read and modify arbitrary files by renaming the original registrar.log log file and creating…
PriorityP412low3.6CVSS 2.0
AVLACLAuNCPIPAN
EXPLOIT
EPSS
0.97%
57.6th percentile
registrar in the HP resource monitor service allows local users to read and modify arbitrary files by renaming the original registrar.log log file and creating a symbolic link to the target file, to which registrar appends log information and sets the permissions to be world readable.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| hp | hp-ux | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Microsoft DirectWrite / AFDKO - Stack Corruption in OpenType Font Handling Due to Negative nAxes
exploitdb·2019-07-10
CVE-2019-1127 Microsoft DirectWrite / AFDKO - Stack Corruption in OpenType Font Handling Due to Negative nAxes
Microsoft DirectWrite / AFDKO - Stack Corruption in OpenType Font Handling Due to Negative nAxes
---
-----=====[ Background ]=====-----
AFDKO (Adobe Font Development Kit for OpenType) is a set of tools for examining, modifying and building fonts. The core part of this toolset is a font handling library written in C, which provides interfaces for reading and writing Type 1, OpenType, TrueType (to some extent) and several other font formats. While the library existed as early as 2000, it was open-sourced by Adobe in 2014 on GitHub [1, 2], and is still actively developed. The font parsing code can be generally found under afdko/c/public/lib/source/*read/*.c in the project directory tree.
At the time of this writing, based on the available source code, we conclude that AFDKO was originally
Exploit-DB
HP-UX 10.20 - registrar Local Arbitrary File Read
exploitdb·2000-11-08
CVE-2000-1127 HP-UX 10.20 - registrar Local Arbitrary File Read
HP-UX 10.20 - registrar Local Arbitrary File Read
---
source: https://www.securityfocus.com/bid/1919/info
The registrar service that ships with version 10.20 (possibly others) of HP's HP-UX operating system contains a vulnerability that may allow a local user to read any file on the hosts filesystem. The service (which listens on tcp port 1712) writes to a log file, /etc/opt/resmon/log/registrar.log.
Default permissions on the /etc/opt/resmon/log directory allow users to overwrite the log file within it via "mv", which is normally created and written to by root when connections are made to the service.
After mv'ing an existing log file to another location, a malicious user can create a symbolic link to an arbitrary file they do not have read access to with the filename registrar.log i
No writeups or analysis indexed.
2001-01-09
Published