CVE-2000-0824

glibc 2.1.1 - Local Command Execution via Duplicate Environmental Variables


Exploitation Summary

EIP tracks 1 public exploit for CVE-2000-0824. PoCs published by Tymm Twillman.

AI-analyzed exploit summary: The writeup describes a format string vulnerability in ProFTPD due to improper handling of user input in the 'set_proc_title' function, allowing remote attackers to execute arbitrary code or escalate privileges by exploiting the snprintf function with crafted format specifiers.

Description

The unsetenv function in glibc 2.1.1 does not properly unset an environmental variable if the variable is provided twice to a program, which could allow local users to execute arbitrary commands in setuid programs by specifying their own duplicate environmental variables such as LD_PRELOAD or LD_LIBRARY_PATH.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Tymm Twillman · text · remote · linux
https://www.exploit-db.com/exploits/19503

Classification: Writeup 90%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: ProFTPD (versions supporting PF_ARGV_WRITABLE)
Auth required
Prerequisites: ProFTPD compiled with PF_ARGV_WRITABLE support · Valid login credentials (anonymous or authenticated)
Analyzed by devstral-2 · Feb 16, 2026

References (15)

Core References
Various Sources vendor-advisory x_refsource_mandrake
http://www.linux-mandrake.com/en/updates/MDKSA-2000-045.php3
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/5173
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=93760201002154&w=2
Vendor Advisory vendor-advisory x_refsource_suse
http://www.novell.com/linux/security/advisories/adv5_draht_glibc_txt.html
Third Party Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2000-08/0525.html
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2000-057.html
Third Party Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2000-08/0436.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/1639
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2000/20000902
Patch, Vendor Advisory mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/79537
Third Party Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2000-08/0509.html
Exploit, Patch, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/648
Vendor Advisory vendor-advisory x_refsource_caldera
http://www.calderasystems.com/support/security/advisories/CSSA-2000-028.0.txt
Various Sources vendor-advisory x_refsource_mandrake
http://www.linux-mandrake.com/en/updates/MDKSA-2000-040.php3

Scores

EPSS: 0.0123
EPSS Percentile: 65.3%

Details

Status: published
Products (1): gnu/glibc 2.1.1
Published: Nov 14, 2000
Tracked Since: Feb 18, 2026