CVE-2000-0757 - The sysgen service in Aptis Totalbill does not perform authentication, which allows remote attackers

CVE-2000-0757

Summary

The sysgen service in Aptis Totalbill does not perform authentication, which allows remote attackers to gain root privileges by connecting to the service and specifying the commands to be executed.

References

http://archives.neohapsis.com/archives/bugtraq/2000-08/0074.html
http://www.securityfocus.com/bid/1555

Vulnerable Configurations

cpe:2.3:a:aptis_software:totalbill:3.0:*:*:*:*:*:*:*
cpe:2.3:a:aptis_software:totalbill:3.0:*:*:*:*:*:*:*

CVSS

Base:	10.0 (as of 05-09-2008 - 20:21)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:L/Au:N/C:C/I:C/A:C

refmap via4

bid	1555
bugtraq	20000808 Exploit for Totalbill...

Last major update

05-09-2008 - 20:21

Published

20-10-2000 - 04:00

Last modified

05-09-2008 - 20:21