CVE-2000-1140
published 2001-01-09CVE-2000-1140: Recourse ManTrap 1.6 does not properly hide processes from attackers, which could allow attackers to determine that they are in a honeypot system by comparing…
PriorityP412low2.1CVSS 2.0
AVLACLAuNCPINAN
EXPLOIT
EPSS
1.16%
63.1th percentile
Recourse ManTrap 1.6 does not properly hide processes from attackers, which could allow attackers to determine that they are in a honeypot system by comparing the results from kill commands with the process listing in the /proc filesystem.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| recourse_technologies | mantrap | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
ManTrap 1.6.1 - Hidden Process Disclosure
exploitdb·2000-11-01
CVE-2000-1140 ManTrap 1.6.1 - Hidden Process Disclosure
ManTrap 1.6.1 - Hidden Process Disclosure
---
// source: https://www.securityfocus.com/bid/1908/info
ManTrap is a "honeypot" intrusion detection system designed to lure attackers into it for analysis. The honeypot is implemented as a chroot'ed Solaris environment, designed to look and feel real to an attacker who gains access to it. To ensure that the "lured" hacker doesn't realize that they are on a ManTrap host, certain processes must be hidden. One of the ways this is accomplished in ManTrap is through kernel modules that prevent /proc entries from being created for these processes. Unfortunately this is trivial to bypass through comparing process information retrieved directly from kernel memory to the contents of /proc.
The kill() system call does not read from /proc. A hacker may
Exploit-DB
Solaris 7.0/8 - Xsun Buffer Overrun
exploitdb·2000-04-24
CVE-2000-0337 Solaris 7.0/8 - Xsun Buffer Overrun
Solaris 7.0/8 - Xsun Buffer Overrun
---
// source: https://www.securityfocus.com/bid/1140/info
A buffer overrun vulnerability exists in the Xsun X11 server, as shipped as part of Solaris 7 and 8 from Sun Microsystems. By supplying a long argument to the -dev option (normally used to set the output device), it is possible to execute arbitrary code with setgid root permissions. This can be further leveraged to gain root privileges, resulting in machine compromise.
/*
*
* Solaris 7 Xsun(suid) local overflow - PRIVATE for now!
* Solaris 2.7/(2.6?) x86 sploit no sparc code, yet!
*
* Discovered/sploited By DiGiT - [email protected]
*
* Greets: #!ADM, #!security.is
*/
#include
#include
// Generic solaris x86 shellcode by cheeze wizz
char shellcode[] =
"\xeb\x48\x9a\xff\xff\xff\xff\x07\xff\xc3
No writeups or analysis indexed.
http://archives.neohapsis.com/archives/bugtraq/2000-11/0041.htmlhttp://archives.neohapsis.com/archives/bugtraq/2000-11/0100.htmlhttp://www.securityfocus.com/bid/1908https://exchange.xforce.ibmcloud.com/vulnerabilities/5473http://archives.neohapsis.com/archives/bugtraq/2000-11/0041.htmlhttp://archives.neohapsis.com/archives/bugtraq/2000-11/0100.htmlhttp://www.securityfocus.com/bid/1908https://exchange.xforce.ibmcloud.com/vulnerabilities/5473
2001-01-09
Published