Sign-up

ID

VAR-200102-0001


CVE

CVE-2000-1090


TITLE

IBM AIX setclock buffer overflow in remote timeserver argument

Trust: 0.8

sources: CERT/CC: VU#739201

DESCRIPTION

Microsoft IIS for Far East editions 4.0 and 5.0 allows remote attackers to read source code for parsed pages via a malformed URL that uses the lead-byte of a double-byte character. There is a buffer overflow in the IBM AIX setclock command that may allow local attackers to gain root privileges. 2 Byte character (DBCS) Of the language-speaking version using Microsoft IIS Has a specific 2 A vulnerability exists in which a request containing a byte character discloses a file with a file name that cannot be viewed normally.Any file in the system may be viewed. AIX is a version of the UNIX Operating System distributed by IBM. A problem exists that could allow a user elevated priviledges. The problem occurs in the setsenv binary. It has been reported that a buffer overflow exists in this binary which could allow a user to overwrite variables on the stack, including the return address. This makes it possible for a malicious user to execute arbitrary code, and potentially attain a UID of 0. The editions that are affected include Traditional Chinese, Simplified Chinese, Japanese, and Korean (Hangeul). This vulnerability affects IIS prior to SP6. The problem was resolved with the release of SP6, however it has resurfaced in IIS 5.0. Non-Far East editions of IIS such as English are not affected by this vulnerability. If a lead-byte exists, IIS will proceed to check for a trail-byte. If a trail-byte is not present, IIS will automatically drop the lead-byte. Problems can arise due to the exclusion of the lead-byte because it will result in the opening of a different file from the one specified. A malicious user may create a specially formed HTTP request containing DBCS to retrieve the contents of files located inside the web root. This may lead to the disclosure of sensitive information such as usernames and passwords

Trust: 5.04

sources: NVD: CVE-2000-1090 // CERT/CC: VU#739201 // CERT/CC: VU#808633 // CERT/CC: VU#872257 // CERT/CC: VU#886953 // JVNDB: JVNDB-2000-000075 // BID: 2032 // BID: 2100

AFFECTED PRODUCTS

vendor:ibmmodel: - scope: - version: -

Trust: 2.4

vendor:microsoftmodel:internet information serverscope:eqversion:4.0

Trust: 1.6

vendor:microsoftmodel:internet information serverscope:eqversion:5.0

Trust: 1.6

vendor:microsoftmodel:iisscope:eqversion:4.0

Trust: 0.8

vendor:microsoftmodel:iisscope:eqversion:5.0

Trust: 0.8

vendor:ibmmodel:aixscope:eqversion:4.3.3

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:4.3.2

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:4.3.1

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:4.3

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:4.2.1

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:4.2

Trust: 0.3

vendor:microsoftmodel:iis far east editionscope:eqversion:5.0

Trust: 0.3

vendor:microsoftmodel:iis far east edition sp5scope:eqversion:4.0

Trust: 0.3

vendor:microsoftmodel:iis far east edition sp6scope:neversion:4.0

Trust: 0.3

sources: CERT/CC: VU#739201 // CERT/CC: VU#808633 // CERT/CC: VU#886953 // BID: 2032 // BID: 2100 // JVNDB: JVNDB-2000-000075 // CNNVD: CNNVD-200102-009 // NVD: CVE-2000-1090

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2000-1090
value: MEDIUM

Trust: 1.0

CARNEGIE MELLON: VU#739201
value: 7.09

Trust: 0.8

CARNEGIE MELLON: VU#808633
value: 5.36

Trust: 0.8

CARNEGIE MELLON: VU#872257
value: 7.09

Trust: 0.8

CARNEGIE MELLON: VU#886953
value: 15.19

Trust: 0.8

NVD: CVE-2000-1090
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200102-009
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2000-1090
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

sources: CERT/CC: VU#739201 // CERT/CC: VU#808633 // CERT/CC: VU#872257 // CERT/CC: VU#886953 // JVNDB: JVNDB-2000-000075 // CNNVD: CNNVD-200102-009 // NVD: CVE-2000-1090

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2000-1090

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200102-009

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-200102-009

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2000-000075

PATCH
title:Top Pageurl:http://www.microsoft.com/ja/jp/default.aspx
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2000-000075

EXTERNAL IDS
db:NVDid:CVE-2000-1090
Trust: 2.7
db:BIDid:2100
Trust: 2.7
db:BIDid:2032
Trust: 1.1
db:BIDid:2035
Trust: 0.8
db:XFid:5618
Trust: 0.8
db:CERT/CCid:VU#739201
Trust: 0.8
db:BIDid:2033
Trust: 0.8
db:XFid:5620
Trust: 0.8
db:CERT/CCid:VU#808633
Trust: 0.8
db:BIDid:2034
Trust: 0.8
db:XFid:5619
Trust: 0.8
db:CERT/CCid:VU#872257
Trust: 0.8
db:XFid:5621
Trust: 0.8
db:CERT/CCid:VU#886953
Trust: 0.8
db:JVNDBid:JVNDB-2000-000075
Trust: 0.8
db:XFid:5729
Trust: 0.6
db:CNNVDid:CNNVD-200102-009
Trust: 0.6
sources:
            
            
            CERT/CC: VU#739201 // 
            
            
            
            CERT/CC: VU#808633 // 
            
            
            
            CERT/CC: VU#872257 // 
            
            
            
            CERT/CC: VU#886953 // 
            
            
            
            BID: 2032 // 
            
            
            
            BID: 2100 // 
            
            
            
            JVNDB: JVNDB-2000-000075 // 
            
            
            
            CNNVD: CNNVD-200102-009 // 
            
            
            
            NVD: CVE-2000-1090

REFERENCES
url:http://www.securityfocus.com/bid/2100
Trust: 2.4
url:http://www.nsfocus.com/english/homepage/sa_08.htm
Trust: 1.9
url:http://techsupport.services.ibm.com/rs6000/aix.uhuic_getrec?args=dvhuron.boulder.ibm.com+dbaix+da139925+stiy08143+usbin
Trust: 1.6
url:http://techsupport.services.ibm.com/support/rs6000.support/fixsearch?fixdb=aix4&srchtype=apar&query=iy08143
Trust: 1.6
url:http://techsupport.services.ibm.com/rs6000/aix.uhuic_getrec?args=dvhuron.boulder.ibm.com+dbaix+da137627+stiy08287+usbin
Trust: 1.6
url:http://techsupport.services.ibm.com/support/rs6000.support/fixsearch?fixdb=aix4&srchtype=apar&query=iy08287
Trust: 1.6
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/5729
Trust: 1.0
url:http://www.securityfocus.com/bid/2035
Trust: 0.8
url:http://xforce.iss.net/static/5618.php
Trust: 0.8
url:http://techsupport.services.ibm.com/rs6000/aix.uhuic_getrec?args=dvhuron.boulder.ibm.com+dbaix+da139817+stiy07831+usbin
Trust: 0.8
url:http://techsupport.services.ibm.com/support/rs6000.support/fixsearch?fixdb=aix4&srchtype=apar&query=iy07831
Trust: 0.8
url:http://techsupport.services.ibm.com/rs6000/aix.uhuic_getrec?args=dvhuron.boulder.ibm.com+dbaix+da137621+stiy07790+usbin
Trust: 0.8
url:http://techsupport.services.ibm.com/support/rs6000.support/fixsearch?fixdb=aix4&srchtype=apar&query=iy07790
Trust: 0.8
url:http://www.securityfocus.com/bid/2033
Trust: 0.8
url:http://xforce.iss.net/static/5620.php
Trust: 0.8
url:http://www.rs6000.ibm.com/idd500/usr/share/man/info/en_us/a_doc_lib/cmds/aixcmds2/digest.htm#a26p05a6
Trust: 0.8
url:http://www.securityfocus.com/bid/2034
Trust: 0.8
url:http://xforce.iss.net/static/5619.php
Trust: 0.8
url:http://www.rs6000.ibm.com/idd500/usr/share/man/info/en_us/a_doc_lib/cmds/aixcmds2/enq.htm#a200977f
Trust: 0.8
url:http://www.securityfocus.com/bid/2032
Trust: 0.8
url:http://xforce.iss.net/static/5621.php
Trust: 0.8
url:http://techsupport.services.ibm.com/rs6000/aix.uhuic_getrec?args=dvhuron.boulder.ibm.com+dbaix+da114623+stiy10721+usbin
Trust: 0.8
url:http://techsupport.services.ibm.com/support/rs6000.support/fixsearch?fixdb=aix4&srchtype=apar&query=iy10721
Trust: 0.8
url:http://techsupport.services.ibm.com/rs6000/aix.uhuic_getrec?args=dvhuron.boulder.ibm.com+dbaix+da123587+stiy08812+usbin
Trust: 0.8
url:http://techsupport.services.ibm.com/support/rs6000.support/fixsearch?fixdb=aix4&srchtype=apar&query=iy08812
Trust: 0.8
url:http://www.rs6000.ibm.com/doc_link/en_us/a_doc_lib/cmds/aixcmds5/setsenv.htm#wpg2f0frit
Trust: 0.8
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2000-1090
Trust: 0.8
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2000-1090
Trust: 0.8
url:http://xforce.iss.net/static/5729.php
Trust: 0.6
sources:
            
            
            CERT/CC: VU#739201 // 
            
            
            
            CERT/CC: VU#808633 // 
            
            
            
            CERT/CC: VU#872257 // 
            
            
            
            CERT/CC: VU#886953 // 
            
            
            
            BID: 2100 // 
            
            
            
            JVNDB: JVNDB-2000-000075 // 
            
            
            
            CNNVD: CNNVD-200102-009 // 
            
            
            
            NVD: CVE-2000-1090

CREDITS
Nsfocus Security Team※ security@nsfocus.com
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-200102-009

SOURCES
db:CERT/CCid:VU#739201
db:CERT/CCid:VU#808633
db:CERT/CCid:VU#872257
db:CERT/CCid:VU#886953
db:BIDid:2032
db:BIDid:2100
db:JVNDBid:JVNDB-2000-000075
db:CNNVDid:CNNVD-200102-009
db:NVDid:CVE-2000-1090

LAST UPDATE DATE
2024-09-15T21:47:58.597000+00:00

SOURCES UPDATE DATE
db:CERT/CCid:VU#739201date:2001-09-28T00:00:00
db:CERT/CCid:VU#808633date:2001-09-28T00:00:00
db:CERT/CCid:VU#872257date:2001-09-28T00:00:00
db:CERT/CCid:VU#886953date:2001-09-28T00:00:00
db:BIDid:2032date:2000-12-01T00:00:00
db:BIDid:2100date:2009-07-12T17:56:00
db:JVNDBid:JVNDB-2000-000075date:2007-04-01T00:00:00
db:CNNVDid:CNNVD-200102-009date:2006-04-25T00:00:00
db:NVDid:CVE-2000-1090date:2018-01-11T16:57:00.407

SOURCES RELEASE DATE
db:CERT/CCid:VU#739201date:2001-09-28T00:00:00
db:CERT/CCid:VU#808633date:2001-09-28T00:00:00
db:CERT/CCid:VU#872257date:2001-09-28T00:00:00
db:CERT/CCid:VU#886953date:2001-09-28T00:00:00
db:BIDid:2032date:2000-12-01T00:00:00
db:BIDid:2100date:2000-12-13T00:00:00
db:JVNDBid:JVNDB-2000-000075date:2007-04-01T00:00:00
db:CNNVDid:CNNVD-200102-009date:2000-12-13T00:00:00
db:NVDid:CVE-2000-1090date:2001-02-12T05:00:00