CVE-2000-1174
Published 2001-01-09
Priority: P337 · high · CVSS 2.0: 7.5
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 5.82% (92.2th percentile)
Multiple buffer overflows in AFS ACL parser for Ethereal 0.8.13 and earlier allow remote attackers to execute arbitrary commands via a packet with a long username.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ethereal_group | ethereal | <= 0.8.13 | — |
CVSS provenance
nvd · v2.0 · 7.5 HIGH · AV:N/AC:L/Au:N/C:P/I:P/A:P
vendor_redhat · 7.5 HIGH
GHSA
GHSA-22xj-gc32-5pwq: Multiple buffer overflows in AFS ACL parser for Ethereal 0
ghsa_unreviewed·2022-05-03
CVE-2000-1174 [HIGH] GHSA-22xj-gc32-5pwq: Multiple buffer overflows in AFS ACL parser for Ethereal 0
Multiple buffer overflows in AFS ACL parser for Ethereal 0.8.13 and earlier allow remote attackers to execute arbitrary commands via a packet with a long username.
Red Hat
security flaw
vendor_redhat·2000-11-18·CVSS 7.5
CVE-2000-1174 [HIGH] security flaw
Multiple buffer overflows in AFS ACL parser for Ethereal 0.8.13 and earlier allow remote attackers to execute arbitrary commands via a packet with a long username.
Statement: This issue was fixed in the following products:
- Red Hat Powertools 6.0 - RHSA-2000:116 (2000-12-05)
- Red Hat Powertools 6.1 - RHSA-2000:116 (2000-12-05)
- Red Hat Powertools 6.2 - RHSA-2000:116 (2000-12-05)
- Red Hat Powertools 7.0 - RHSA-2000:116 (2000-12-05)
No detection rules found.
Exploit-DB
Ethereal - AFS Buffer Overflow
exploitdb·2000-11-18
CVE-2000-1174 Ethereal - AFS Buffer Overflow
---
/*
source: https://www.securityfocus.com/bid/1972/info
Ethereal is a network auditing utility originally written by Gerald Combs. A problem exists in the Ethereal package which can allow a remote user to execute code.
The problem exists in the AFS packet parsing routine. An algorithm string scans the contents of a packet into a predefined buffer, not checking to see if the size of the string exceeds the buffer size. It is therefore possible to overwrite other values on the stack including the return address. This problem makes it possible for a malicious user to execute code with a custom crafted packet.
*/
/*
Name: Ethereal 0.8.13 AFS ACL buffer overflow exploit
Author:
http://hacksware.com
[email protected]
gcc -o sbo_ethereal sbo_ethereal.c
Usage
Exploit-DB
BeOS 5.0 - TCP Fragmentation Remote Denial of Service
exploitdb·2000-05-18
CVE-2000-0463 BeOS 5.0 - TCP Fragmentation Remote Denial of Service
---
source: https://www.securityfocus.com/bid/1222/info
BeOS is vulnerable to a remote TCP fragmentation attack that will crash the target system, requiring a reboot.
[root@localhost isic-0.05]# ./tcpsic -s 1.1.1.1 -d 10.0.1.46 -r 31337 -F100 -V0 -I0 -T0 -u0 -t0
Compiled against Libnet 1.0.1b
Installing Signal Handlers.
Seeding with 31337
No Maximum traffic limiter
Using random source ports.
Using random destination ports.
Bad IP Version = 0% IP Opts Pcnt = 0%
Frag'd Pcnt = 100% Urg Pcnt = 0%
Bad TCP Cksm = 0% TCP Opts Pcnt = 0%
1000 @ 1802.8 pkts/sec and 1174.6 k/s
2000 @ 1636.8 pkts/sec and 1105.5 k/s
3000 @ 2110.2 pkts/sec and 1396.4 k/s
4000 @ 1689.1 pkts/sec and 1105.4 k/s
Caught signal 2
Used random seed 31337
Wrote 5002 pack
Exploit-DB
FrontPage 2000 / IIS 4.0/5.0 - Server Extensions Full Path Disclosure
exploitdb·2000-05-06
CVE-2000-0413 FrontPage 2000 / IIS 4.0/5.0 - Server Extensions Full Path Disclosure
---
source: https://www.securityfocus.com/bid/1174/info
The local path of a HTML, HTM, ASP, or SHTML file can be disclosed in Microsoft IIS 4.0/5.0 / Frontpage Server Extensions 1.1 and prior. Passing a path to a non-existent file to the shtml.exe or shtml.dll (depending on platform) program will display an error message stating that the file cannot be found accompanied by the full local path to the web root. For example, performing a request for http://target/_vti_bin/shtml.dll/non_existant_file.html will produce an error message stating "Cannot open "C:\localpath\non_existant_file.html": no such file or folder"
http://target/_vti_bin/shtml.exe/non-existent-file.html
http://target/_vti_bin/shtml.exe/non-existent-fil
References
- ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:81.ethereal.asc
- http://archives.neohapsis.com/archives/bugtraq/2000-11/0251.html
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000342
- http://www.debian.org/security/2000/20001122a
- http://www.redhat.com/support/errata/RHSA-2000-116.html
- http://www.securityfocus.com/bid/1972
- https://exchange.xforce.ibmcloud.com/vulnerabilities/5557
Published: 2001-01-09