Exploitation Summary
EIP tracks 1 public exploit for CVE-2000-0048. PoCs published by Cesar Tascon Alvarez.
AI-analyzed exploit summary This exploit leverages a local PATH vulnerability in the setuid root binary 'get_it' from Corel Linux OS. By manipulating the PATH environment variable to include a malicious 'cp' script, an attacker can escalate privileges to root.
Description
get_it program in Corel Linux Update allows local users to gain root access by specifying an alternate PATH for the cp program.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Cesar Tascon Alvarez · textlocallinux
https://www.exploit-db.com/exploits/19723
This exploit leverages a local PATH vulnerability in the setuid root binary 'get_it' from Corel Linux OS. By manipulating the PATH environment variable to include a malicious 'cp' script, an attacker can escalate privileges to root.
Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Trivial
Reliability
Reliable
Target:
Corel Linux OS (Corel Update utility)
No auth needed
Prerequisites:
Local access to the system · Presence of the vulnerable 'get_it' binary
MITRE ATT&CK
mistral-large-3 · analyzed Feb 16, 2026
Full analysis →
References (2)
Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/928
Various Sources x_refsource_confirm
http://linux.corel.com/support/clos_patch1.htm
Scores
EPSS
0.0161
EPSS Percentile
73.0%
Details
Status
published
Products (1)
corel/linux
1.0
Published
Jan 12, 2000
Tracked Since
Feb 18, 2026