CVE-2000-0154

UnixWare - Local Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2000-0154.

AI-analyzed exploit summary This exploit leverages a symlink following vulnerability in the ARCserve agent (asagent) on SCO Unixware 7. By replacing a temporary file in /tmp with a symlink, an attacker can create arbitrary files owned by root, using the contents of the world-writable /usr/CYEagent/agent.cfg file.

Description

The ARCserve agent in UnixWare allows local attackers to modify arbitrary files via a symlink attack.

Exploits (1)

exploitdb WORKING POC

localsco

https://www.exploit-db.com/exploits/19752

View Code ZIP pw:eip

This exploit leverages a symlink following vulnerability in the ARCserve agent (asagent) on SCO Unixware 7. By replacing a temporary file in /tmp with a symlink, an attacker can create arbitrary files owned by root, using the contents of the world-writable /usr/CYEagent/agent.cfg file.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Trivial

Reliability

Reliable

Target: ARCserve agent on SCO Unixware 7

No auth needed

Prerequisites: Access to the local system · Ability to write to /tmp and /usr/CYEagent/agent.cfg

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (3)

Core 3

Core References

Various Sources x_refsource_misc

http://www.sco.com/security/

Third Party Advisory, VDB Entry vendor-advisory x_refsource_nai

http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-02-15&msg=000101bf78af%2494528870%244d2f45a1%40jmagdych.na.nai.com

Exploit, Patch, Vendor Advisory vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/988

Scores

EPSS 0.0084

EPSS Percentile 53.0%

Details

Status published

Products (2)

sco/unixware 7.1

sco/unixware 7.1.1

Published Feb 16, 2000

Tracked Since Feb 18, 2026