CVE-2000-0231

Linux kreatecd - Privilege Escalation via Untrusted Path

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2000-0231. PoCs published by Sebastian.

AI-analyzed exploit summary The vulnerability in kreatecd (a graphical front-end for cdrecord) allows arbitrary command execution as root due to improper handling of the cdrecord path configuration. The exploit requires graphical interaction and leverages the setuid root privilege of the program.

Description

Linux kreatecd trusts a user-supplied path that is used to find the cdrecord program, allowing local users to gain root privileges.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Sebastian · textlocallinux

https://www.exploit-db.com/exploits/19813

View Code ZIP pw:eip

The vulnerability in kreatecd (a graphical front-end for cdrecord) allows arbitrary command execution as root due to improper handling of the cdrecord path configuration. The exploit requires graphical interaction and leverages the setuid root privilege of the program.

Classification

Writeup 90%

Attack Type

Lpe

Complexity

Trivial

Reliability

Reliable

Target: kreatecd (version not specified)

No auth needed

Prerequisites: kreatecd installed setuid root · graphical interaction

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Third Party Advisory mailing-list x_refsource_bugtraq

http://archives.neohapsis.com/archives/bugtraq/2000-03/0162.html

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/1061

Scores

EPSS 0.0077

EPSS Percentile 51.0%

Details

Status published

Products (5)

halloween/halloween_linux 4.0

suse/suse_linux 6.0

suse/suse_linux 6.1

suse/suse_linux 6.2

suse/suse_linux 6.3

Published Mar 16, 2000

Tracked Since Feb 18, 2026