CVE-2000-0094

NetBSD - Privilege Escalation via /proc/pid/mem File Descriptor Manipulation

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2000-0094. PoCs published by Nergal.

AI-analyzed exploit summary This exploit targets a vulnerability in certain BSD derivatives' /proc filesystem implementation, allowing local users to gain root privileges by manipulating process memory via /proc/[pid]/mem. It uses a shellcode injection technique combined with a symlink attack on the passwd binary.

Description

procfs in BSD systems allows local users to gain root privileges by modifying the /proc/pid/mem interface via a modified file descriptor for stderr.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Nergal · clocalbsd
https://www.exploit-db.com/exploits/19726

This exploit targets a vulnerability in certain BSD derivatives' /proc filesystem implementation, allowing local users to gain root privileges by manipulating process memory via /proc/[pid]/mem. It uses a shellcode injection technique combined with a symlink attack on the passwd binary.

Classification
Working Poc 90%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: BSD derivatives with vulnerable /proc filesystem implementation
No auth needed
Prerequisites: Local access to the target system · Vulnerable /proc filesystem implementation
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Vendor Advisory vendor-advisory x_refsource_netbsd
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2000-001.txt.asc
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/3995
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/940
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/20760

Scores

EPSS 0.0072
EPSS Percentile 49.4%

Details

Status published
Products (1)
netbsd/netbsd 1.4.1
Published Feb 16, 2000
Tracked Since Feb 18, 2026