CVE-2000-0077

HP-UX - Privilege Escalation via PATH Manipulation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2000-0077. PoCs published by Loneguard.

AI-analyzed exploit summary This exploit leverages a PATH environment variable manipulation in HP-UX's Aserver to execute arbitrary code as root. It creates a malicious 'ps' script in /var/tmp that copies and sets the setuid bit on /bin/csh, then executes Aserver with the -f argument to trigger the vulnerability.

Description

The October 1998 version of the HP-UX aserver program allows local users to gain privileges by specifying an alternate PATH which aserver uses to find the ps and grep commands.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Loneguard · bashlocalhp-ux

https://www.exploit-db.com/exploits/20396

View Code ZIP pw:eip

This exploit leverages a PATH environment variable manipulation in HP-UX's Aserver to execute arbitrary code as root. It creates a malicious 'ps' script in /var/tmp that copies and sets the setuid bit on /bin/csh, then executes Aserver with the -f argument to trigger the vulnerability.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Trivial

Reliability

Reliable

Target: HP-UX Aserver (versions 10.x and above)

No auth needed

Prerequisites: Access to a vulnerable HP-UX system with Aserver installed · Ability to modify the PATH environment variable

MITRE ATT&CK

T1574.007 - Path Interception by PATH Environment Variable

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5549

Scores

EPSS 0.0097

EPSS Percentile 57.5%

Details

Status published

Products (2)

hp/hp-ux 10

hp/hp-ux 11

Published Jan 02, 2000

Tracked Since Feb 18, 2026