Vulnerability Name:

CVE-2000-0845 (CCN-5262)

Assigned:2000-09-19
Published:2000-09-19
Updated:2008-09-05
Summary:kdebug daemon (kdebugd) in Digital Unix 4.0F allows remote attackers to read arbitrary files by specifying the full file name in the initialization packet.
CVSS v3 Severity:6.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): None
CVSS v2 Severity:6.4 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): None
6.4 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): None
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Privileges
References:Source: BUGTRAQ
Type: Patch, Vendor Advisory
20000918 [ENIGMA] Digital UNIX/Tru64 UNIX remote kdebug Vulnerability

Source: CCN
Type: Enigma Security Advisory EN18090001
kdebugd service file vulnerability

Source: MITRE
Type: CNA
CVE-2000-0845

Source: CCN
Type: OSVDB ID: 8764
Digital Unix kdebugd Remote Arbitrary File Access

Source: CCN
Type: BID-1693
Compaq Tru64 kdebugd Remote Arbitrary File Write Vulnerability

Source: CCN
Type: Compaq Web site
Tru64 UNIX on AlphaServer

Source: XF
Type: UNKNOWN
du-kdebugd-write-access(5262)

Vulnerable Configuration:Configuration 1:
  • cpe:/o:digital:unix:4.0f:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/o:compaq:tru64:4.0d:*:*:*:*:*:*:*
  • OR cpe:/o:compaq:tru64:4.0e:*:*:*:*:*:*:*
  • OR cpe:/o:compaq:tru64:4.0f:*:*:*:*:*:*:*
  • OR cpe:/o:compaq:tru64:5.0:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    digital unix 4.0f
    compaq tru64 4.0d
    compaq tru64 4.0e
    compaq tru64 4.0f
    compaq tru64 5.0