CVE-2000-0171

atsar_linux - Privilege Escalation via Improper Output File Permission Check

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2000-0171. PoCs published by S. Krahmer.

AI-analyzed exploit summary This exploit leverages a vulnerability in atsadc (part of the atsar package) where it opens arbitrary files as root without proper permission checks. The PoC creates a malicious shared library and uses /etc/ld.so.preload to gain root privileges via a setuid binary.

Description

atsadc in the atsar package for Linux does not properly check the permissions of an output file, which allows local users to gain root privileges.

Exploits (1)

exploitdb WORKING POC VERIFIED

by S. Krahmer · perllocallinux

https://www.exploit-db.com/exploits/19804

View Code ZIP pw:eip

This exploit leverages a vulnerability in atsadc (part of the atsar package) where it opens arbitrary files as root without proper permission checks. The PoC creates a malicious shared library and uses /etc/ld.so.preload to gain root privileges via a setuid binary.

Classification

Working Poc 100%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: atsar < 1.5 (atsadc binary)

No auth needed

Prerequisites: atsadc must be setuid root · /etc/ld.so.preload must not exist

MITRE ATT&CK

T1548.001 - Setuid and Setgid T1574.006 - Dynamic Linker Hijacking

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/1048

Third Party Advisory mailing-list x_refsource_bugtraq

http://archives.neohapsis.com/archives/bugtraq/2000-03/0102.html

Scores

EPSS 0.0077

EPSS Percentile 51.1%

Details

Status published

Products (1)

at_computing/atsar_linux 1.4

Published Mar 11, 2000

Tracked Since Feb 18, 2026