CVE-2000-0972
MEDIUMHP-UX 11.00 - Arbitrary File Read via crontab Symlink Attack
Title source: llmExploitation Summary
EIP tracks 2 public exploits for CVE-2000-0972. PoCs published by dubhe, Kyong-won Cho.
AI-analyzed exploit summary This exploit leverages a vulnerability in HP-UX 11.00/10.20 crontab by manipulating the EDITOR environment variable to execute arbitrary commands. It creates a malicious script that symlinks a specified file, then invokes crontab -e to trigger the exploit.
Description
HP-UX 11.00 crontab allows local users to read arbitrary files via the -e option by creating a symlink to the target file during the crontab session, quitting the session, and reading the error messages that crontab generates.
Exploits (2)
This exploit leverages a vulnerability in HP-UX 11.00/10.20 crontab by manipulating the EDITOR environment variable to execute arbitrary commands. It creates a malicious script that symlinks a specified file, then invokes crontab -e to trigger the exploit.
This exploit leverages a vulnerability in HP-UX's crontab implementation to read arbitrary files by creating a symbolic link via a custom editor script. It abuses the temporary file handling in vi to expose file contents through error messages.
References (2)
Scores
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N