CVE-2000-0052

Red Hat userhelper - Privilege Escalation

Exploitation Summary

EIP tracks 2 public exploits for CVE-2000-0052. PoCs published by Elias Levy, dildog.

AI-analyzed exploit summary: This exploit leverages a path traversal vulnerability in userhelper and PAM on Red Hat 6.0/6.1 and Mandrake 6.1 to execute arbitrary code with root privileges. It creates a malicious shared library and PAM configuration file to achieve local privilege escalation.

Description

Red Hat userhelper program in the usermode package allows local users to gain root access via PAM and a .. (dot dot) attack.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Elias Levy · c · local · linux
https://www.exploit-db.com/exploits/19710

This exploit leverages a path traversal vulnerability in userhelper and PAM on Red Hat 6.0/6.1 and Mandrake 6.1 to execute arbitrary code with root privileges. It creates a malicious shared library and PAM configuration file to achieve local privilege escalation.

Classification: Working PoC 95%
Attack Type: LPE
Complexity: Moderate
Reliability: Reliable
Target: Red Hat Linux 6.0/6.1, Mandrake Linux 6.1, TurboLinux 6.0.2 and prior
No auth needed
Prerequisites: Local access to the vulnerable system · GCC and ld installed · Write permissions in /tmp
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by dildog · bash · local · linux
https://www.exploit-db.com/exploits/19709

This exploit leverages a path traversal vulnerability in userhelper and PAM to execute arbitrary code with root privileges. It creates a malicious shared library and configuration file, then uses userhelper to trigger PAM to load the library, resulting in a root shell.

Classification: Working PoC 95%
Attack Type: LPE
Complexity: Moderate
Reliability: Reliable
Target: RedHat 6.0/6.1, Mandrake 6.0/6.1, Turbolinux 3.5 b2/4.2/4.4/6.0.2
No auth needed
Prerequisites: Local access to the vulnerable system · GCC and ld tools available
devstral-2 · analyzed Feb 16, 2026

References (4)

Core References
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2000-001.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/913
Various Sources vendor-advisory x_refsource_l0pht
http://www.l0pht.com/advisories/pam_advisory

Scores

EPSS 0.0089
EPSS Percentile 54.6%

Details

Status published
Products (8)
mandrakesoft/mandrake_linux 6.0
mandrakesoft/mandrake_linux 6.1
redhat/linux 6.0
redhat/linux 6.1
turbolinux/turbolinux 3.5b2
turbolinux/turbolinux 4.2
turbolinux/turbolinux 4.4
turbolinux/turbolinux 6.0.2
Published Jan 04, 2000
Tracked Since Feb 18, 2026