CVE-2000-0438

Caldera OpenLinux - Buffer Overflow in fdmount via Long Mountpoint Parameter

Title source: llm

Exploitation Summary

EIP tracks 3 public exploits for CVE-2000-0438. PoCs published by WaR, Scrippie, Paulo Ribeiro.

AI-analyzed exploit summary This exploit targets a buffer overflow in fdmount 0.8, allowing members of the 'floppy' group to execute arbitrary commands as root. It uses a shellcode payload and adjusts the return address via an offset argument.

Description

Buffer overflow in fdmount on Linux systems allows local users in the "floppy" group to execute arbitrary commands via a long mountpoint parameter.

Exploits (3)

exploitdb WORKING POC VERIFIED

by WaR · clocallinux

https://www.exploit-db.com/exploits/19954

View Code ZIP pw:eip

This exploit targets a buffer overflow in fdmount 0.8, allowing members of the 'floppy' group to execute arbitrary commands as root. It uses a shellcode payload and adjusts the return address via an offset argument.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: fdmount 0.8

Auth required

Prerequisites: Membership in the 'floppy' group · fdmount binary with setuid bit set

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC VERIFIED

by Scrippie · clocallinux

https://www.exploit-db.com/exploits/19953

View Code ZIP pw:eip

This exploit targets a buffer overflow in fdmount (CVE-2000-0438), allowing users in the 'floppy' group to execute arbitrary commands as root. It uses a classic stack-based overflow with NOP sleds and shellcode to spawn a root shell.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: fdmount 0.8 (fdutils package)

Auth required

Prerequisites: User must be in the 'floppy' group · fdmount must be setuid root

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC VERIFIED

by Paulo Ribeiro · clocallinux

https://www.exploit-db.com/exploits/19952

View Code ZIP pw:eip

This exploit leverages a buffer overflow in fdmount 0.8 to execute arbitrary shellcode as root. It targets the mount point parameter, requiring the attacker to be in the 'floppy' group.

Classification

Working Poc 100%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: fdmount 0.8

Auth required

Prerequisites: Membership in the 'floppy' group · fdmount 0.8 with setuid bit set

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/1239

Third Party Advisory mailing-list x_refsource_bugtraq

http://archives.neohapsis.com/archives/bugtraq/2000-05/0245.html

Scores

EPSS 0.0108

EPSS Percentile 60.6%

Details

Status published

Products (24)

caldera/openlinux 7.0

slackware/slackware_linux 3.3

slackware/slackware_linux 3.4

slackware/slackware_linux 3.5

slackware/slackware_linux 3.6

slackware/slackware_linux 3.9

slackware/slackware_linux 4.0

suse/suse_linux 4.2

suse/suse_linux 4.3

suse/suse_linux 4.4

... and 14 more

Published May 22, 2000

Tracked Since Feb 18, 2026