CVE-2000-0229

gpm - Privilege Escalation via gpm-root Utility

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2000-0229. PoCs published by Egmont Koblinger.

AI-analyzed exploit summary This exploit leverages a design flaw in the gpm-root program where setgid fails after setuid, allowing a local user with console access to create a setgid shell. The PoC involves configuring a .gpm-root file to execute commands that modify the permissions of /bin/sh to gain elevated privileges.

Description

gpm-root in the gpm package does not properly drop privileges, which allows local users to gain privileges by starting a utility from gpm-root.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Egmont Koblinger · textlocallinux
https://www.exploit-db.com/exploits/19816

This exploit leverages a design flaw in the gpm-root program where setgid fails after setuid, allowing a local user with console access to create a setgid shell. The PoC involves configuring a .gpm-root file to execute commands that modify the permissions of /bin/sh to gain elevated privileges.

Classification
Working Poc 90%
Attack Type
Lpe
Complexity
Trivial
Reliability
Reliable
Target: gpm (General Purpose Mouse) package, versions affected by CVE-2000-0229
Auth required
Prerequisites: console access · gpm-root program installed · ability to create a .gpm-root file in the user's home directory
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2000-045.html
Third Party Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2000-03/0242.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/1069
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2000-009.html

Scores

EPSS 0.0080
EPSS Percentile 52.3%

Details

Status published
Products (13)
alessandro_rubini/gpm 1.18.1
alessandro_rubini/gpm 1.19
debian/debian_linux 2.0
debian/debian_linux 2.1
debian/debian_linux 2.2 (2 CPE variants)
redhat/linux 6.0
redhat/linux 6.1
redhat/linux 6.2
suse/suse_linux 5.3
suse/suse_linux 6.0
... and 3 more
Published Mar 22, 2000
Tracked Since Feb 18, 2026