ID CVE-2000-0195
Type cve
Reporter NVD
Modified 2008-09-10T15:03:16
Description
setxconf in Corel Linux allows local users to gain root access via the -T parameter, which executes the user's .xserverrc file.
{"href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2000-0195", "history": [], "references": ["http://archives.neohapsis.com/archives/bugtraq/2000-02/0323.html", "http://www.securityfocus.com/bid/1008"], "lastseen": "2016-09-03T02:34:57", "bulletinFamily": "NVD", "title": "CVE-2000-0195", "cpe": ["cpe:/o:corel:linux:1.0"], "viewCount": 0, "id": "CVE-2000-0195", "hash": "3c704627d7fce26d27e2a2c8e5e1c843107281681c67f30b6a6a1014d87e493b", "description": "setxconf in Corel Linux allows local users to gain root access via the -T parameter, which executes the user's .xserverrc file.", "edition": 1, "assessment": {"name": "", "href": "", "system": ""}, "cvelist": ["CVE-2000-0195"], "scanner": [], "modified": "2008-09-10T15:03:16", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "objectVersion": "1.2", "reporter": "NVD", "type": "cve", "published": "2000-02-24T00:00:00", "enchantments": {"score": {"value": 7.2, "vector": "NONE", "modified": "2016-09-03T02:34:57"}, "vulnersScore": 7.2}}
{"osvdb": [{"lastseen": "2017-04-28T13:19:56", "references": [], "edition": 1, "description": "# No description provided by the source\n\n## References:\n[CVE-2000-0195](https://vulners.com/cve/CVE-2000-0195)\nBugtraq ID: 1008\n", "reporter": "OSVDB", "published": "2000-02-24T00:00:00", "title": "Linux setxconf -T Option Local Privilege Escalation", "type": "osvdb", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2000-0195"], "modified": "2000-02-24T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:1231", "id": "OSVDB:1231", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "exploitdb": [{"lastseen": "2016-02-02T12:39:34", "osvdbidlist": ["1231"], "references": [], "description": "Corel Linux OS 1.0 setxconf Vulnerability. CVE-2000-0195. Local exploit for linux platform", "edition": 1, "reporter": "suid", "published": "2000-02-24T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "type": "exploitdb", "title": "Corel Linux OS 1.0 setxconf Vulnerability", "bulletinFamily": "exploit", "cvelist": ["CVE-2000-0195"], "modified": "2000-02-24T00:00:00", "id": "EDB-ID:19765", "href": "https://www.exploit-db.com/exploits/19765/", "sourceData": "source: http://www.securityfocus.com/bid/1008/info\r\n\r\nA vulnerability exists in the setxconf utility, as shipped with Corel Linux 1.0. The -T option to setxconf will run xinit, which euid root. xinit, when executed, will invoke the contents on ~/.xserverrc. A malicious user could therefore execute commands as root.\r\n\r\ncat > ~/.xserverrc\r\necho \"+ +\" > /.rhosts", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/19765/"}]}
