CVE-2000-0468

HP-UX 10.20 and 11 - Arbitrary File Overwrite via Symlink Attack

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2000-0468. PoCs published by Jason Axley.

AI-analyzed exploit summary The exploit describes a vulnerability in the 'man' command on HP-UX systems where predictable temporary filenames, symlink following, and insecure file permissions allow an attacker to overwrite arbitrary files when root executes 'man'.

Description

man in HP-UX 10.20 and 11 allows local attackers to overwrite files via a symlink attack.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Jason Axley · textlocalhp-ux

https://www.exploit-db.com/exploits/19990

View Code ZIP pw:eip

The exploit describes a vulnerability in the 'man' command on HP-UX systems where predictable temporary filenames, symlink following, and insecure file permissions allow an attacker to overwrite arbitrary files when root executes 'man'.

Classification

Writeup 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: HP-UX 'man' command (various versions)

No auth needed

Prerequisites: Access to a world-writeable directory (e.g., /tmp) · Ability to create symlinks

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1499.004 - Application or System Exploitation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.SOL.4.02.10006021014400.4779-100000%40nofud.nwest.attws.com

Exploit, Patch, Vendor Advisory vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/1302

Scores

EPSS 0.0115

EPSS Percentile 78.8%

Details

Status published

Products (2)

hp/hp-ux 10.20

hp/hp-ux 11.00

Published Jun 02, 2000

Tracked Since Feb 18, 2026