CVE-2000-0537

BRU - Arbitrary File Write via BRUEXECLOG Environment Variable

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2000-0537. PoCs published by Riley Hassell.

AI-analyzed exploit summary This exploit leverages an environment variable manipulation vulnerability in BRU (Backup and Restore Utility) to overwrite arbitrary files, including /etc/passwd, allowing local privilege escalation to root. The PoC demonstrates creating a root shell entry in the passwd file.

Description

BRU backup software allows local users to append data to arbitrary files by specifying an alternate configuration file with the BRUEXECLOG environmental variable.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Riley Hassell · textlocalmultiple
https://www.exploit-db.com/exploits/19999

This exploit leverages an environment variable manipulation vulnerability in BRU (Backup and Restore Utility) to overwrite arbitrary files, including /etc/passwd, allowing local privilege escalation to root. The PoC demonstrates creating a root shell entry in the passwd file.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Trivial
Reliability
Reliable
Target: BRU (Backup and Restore Utility) by Enhanced Software Technologies
No auth needed
Prerequisites: Local access to the system · BRU installed with setuid root
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/4644
Patch, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/1321
Vendor Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2000-06/0013.html
Vendor Advisory vendor-advisory x_refsource_caldera
http://www.calderasystems.com/support/security/advisories/CSSA-2000-018.0.txt

Scores

EPSS 0.0072
EPSS Percentile 49.3%

Details

Status published
Products (2)
tolis_group/bru 15.1
tolis_group/bru 16.0
Published Jun 05, 2000
Tracked Since Feb 18, 2026