CVE-2000-0816

Linux - OS Command Injection via tmpwatch --fuser Option

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2000-0816. PoCs published by X-Force.

AI-analyzed exploit summary This exploit creates a maliciously named file to trigger command injection in tmpwatch's fuser component via shell metacharacters. It leverages improper handling of system() calls to execute arbitrary commands, potentially leading to privilege escalation if tmpwatch runs as root.

Description

Linux tmpwatch --fuser option allows local users to execute arbitrary commands by creating files whose names contain shell metacharacters.

Exploits (1)

exploitdb WORKING POC VERIFIED

by X-Force · clocallinux

https://www.exploit-db.com/exploits/20285

View Code ZIP pw:eip

This exploit creates a maliciously named file to trigger command injection in tmpwatch's fuser component via shell metacharacters. It leverages improper handling of system() calls to execute arbitrary commands, potentially leading to privilege escalation if tmpwatch runs as root.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: tmpwatch (with fuser component)

No auth needed

Prerequisites: Write access to a directory monitored by tmpwatch · tmpwatch configured to use the fuser component

MITRE ATT&CK