CVE-2000-0763

xlockmore/xlockf < unknown - Privilege Escalation

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2000-0763. PoCs published by Ben Williams, noir.

AI-analyzed exploit summary This exploit leverages a format string vulnerability in xlockmore (CVE-2000-0763) to achieve local privilege escalation by overwriting the stack and executing arbitrary shellcode with root privileges. The exploit calculates the necessary offsets dynamically to bypass ASLR-like protections and targets the setuid binary.

Description

xlockmore and xlockf do not properly cleanse user-injected format strings, which allows local users to gain root privileges via the -d option.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Ben Williams · clocalunix
https://www.exploit-db.com/exploits/20154

This exploit leverages a format string vulnerability in xlockmore (CVE-2000-0763) to achieve local privilege escalation by overwriting the stack and executing arbitrary shellcode with root privileges. The exploit calculates the necessary offsets dynamically to bypass ASLR-like protections and targets the setuid binary.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Complex
Reliability
Reliable
Target: xlockmore (and derived versions, e.g., xlock)
No auth needed
Prerequisites: xlockmore setuid root · vulnerable version of xlockmore (pre-2000 patches) · local access to the system
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by noir · clocalunix
https://www.exploit-db.com/exploits/20153

This exploit targets a format string vulnerability in xlockmore (CVE-2000-0763) to achieve local privilege escalation. It leverages the -display option to overwrite stack values and execute arbitrary shellcode with root privileges.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: xlockmore (and derived versions like xlock) on OpenBSD 2.6/2.7
No auth needed
Prerequisites: Local access to the system · xlockmore installed setuid root
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (6)

Core 6
Core References
Patch, Vendor Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2000/20000816
Patch, Vendor Advisory vendor-advisory x_refsource_freebsd
http://archives.neohapsis.com/archives/freebsd/2000-08/0340.html
Third Party Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2000-08/0294.html
Exploit, Patch, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/1585
Third Party Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2000-08/0212.html

Scores

EPSS 0.0124
EPSS Percentile 65.3%

Details

Status published
Products (2)
david_bagley/xlock 4.16
david_bagley/xlock 4.16.1
Published Oct 20, 2000
Tracked Since Feb 18, 2026