CVE-2000-0009

Optivity NETarchitect - Command Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2000-0009. PoCs published by Loneguard.

AI-analyzed exploit summary This exploit leverages a PATH environment variable manipulation vulnerability in NETarchitect's bna_pass binary to execute arbitrary code as root. By poisoning the PATH to prioritize a malicious 'rm' script in the current directory, the attacker gains root privileges via a setuid copy of /bin/csh.

Description

The bna_pass program in Optivity NETarchitect uses the PATH environmental variable for finding the "rm" program, which allows local users to execute arbitrary commands.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Loneguard · bashlocalmultiple

https://www.exploit-db.com/exploits/19704

View Code ZIP pw:eip

This exploit leverages a PATH environment variable manipulation vulnerability in NETarchitect's bna_pass binary to execute arbitrary code as root. By poisoning the PATH to prioritize a malicious 'rm' script in the current directory, the attacker gains root privileges via a setuid copy of /bin/csh.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Trivial

Reliability

Reliable

Target: Nortel Networks NETarchitect (Optivity Network Configuration System) on HP-UX

No auth needed

Prerequisites: Access to a system with NETarchitect installed · Write permissions to /tmp · bna_pass binary must be setuid root

MITRE ATT&CK

T1574.007 - Path Interception by PATH Environment Variable

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/907

Scores

EPSS 0.0082

EPSS Percentile 52.4%

Details

Status published

Products (1)

nortel/optivity_net_architect 2.0

Published Dec 29, 1999

Tracked Since Feb 18, 2026