CVE-2000-0795

IRIX 6.2-6.3 - Local Buffer Overflow via lpstat -n Option

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2000-0795. PoCs published by LSD-PLaNET, Last Stage of Delirium.

AI-analyzed exploit summary This exploit targets a vulnerability in /usr/bin/lpstat on IRIX systems by manipulating the NETTYPE environment variable to load a malicious shared library. The library executes a shell with elevated privileges via setreuid and setuid calls.

Description

Buffer overflow in lpstat in IRIX 6.2 and 6.3 allows local users to gain root privileges via a long -n option.

Exploits (2)

exploitdb WORKING POC VERIFIED

by LSD-PLaNET · bashlocalirix

https://www.exploit-db.com/exploits/265

View Code ZIP pw:eip

This exploit targets a vulnerability in /usr/bin/lpstat on IRIX systems by manipulating the NETTYPE environment variable to load a malicious shared library. The library executes a shell with elevated privileges via setreuid and setuid calls.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: IRIX 5.3, 6.2, 6.3, 6.4, 6.5, 6.5.11 /usr/bin/lpstat

No auth needed

Prerequisites: Write access to a temporary directory · Presence of vulnerable /usr/bin/lpstat binary

MITRE ATT&CK

T1574 - Hijack Execution Flow T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC VERIFIED

by Last Stage of Delirium · clocalirix

https://www.exploit-db.com/exploits/20129

View Code ZIP pw:eip

This exploit targets a buffer overflow vulnerability in IRIX's lpstat utility (CVE-2000-0795). It constructs a malicious payload with NOP sleds, setreuid shellcode, and a shell spawn to achieve remote code execution as root.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: IRIX lpstat (versions 6.2, 6.3)

No auth needed

Prerequisites: Access to vulnerable IRIX system · Ability to execute /bin/lpstat

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/templates/archive.pike?list=1&msg=200008021924.e72JOVs12558%40ix.put.poznan.pl

Vendor Advisory vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/1529

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://www.osvdb.org/1485

Scores

EPSS 0.0117

EPSS Percentile 63.4%

Details

Status published

Products (2)

sgi/irix 6.2

sgi/irix 6.3

Published Oct 20, 2000

Tracked Since Feb 18, 2026