CVE-2000-1074

iCal 2.1 Patch 2 - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2000-1074. PoCs published by @stake.

AI-analyzed exploit summary This exploit leverages a path manipulation vulnerability in Netscape's iPlanet iCal to execute arbitrary code as the 'icsuser' and escalate privileges to root by creating a malicious shared library. The PoC includes two scripts: one to gain an 'icsuser' shell and another to achieve root access upon service restart.

Description

csstart program in iCal 2.1 Patch 2 uses relative pathnames to install the libsocket and libnsl libraries, which could allow the icsuser account to gain root privileges by creating a Trojan Horse library in the current or parent directory.

Exploits (1)

exploitdb WORKING POC VERIFIED

by @stake · bashlocalsolaris

https://www.exploit-db.com/exploits/20276

View Code ZIP pw:eip

This exploit leverages a path manipulation vulnerability in Netscape's iPlanet iCal to execute arbitrary code as the 'icsuser' and escalate privileges to root by creating a malicious shared library. The PoC includes two scripts: one to gain an 'icsuser' shell and another to achieve root access upon service restart.

Classification

Working Poc 100%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: Netscape iPlanet iCal (versions with vulnerable csstart)

No auth needed

Prerequisites: Access to a system with vulnerable iPlanet iCal installation · Ability to execute commands in a directory where 'csstart' is run

MITRE ATT&CK

T1082 - System Information Discovery T1574 - Hijack Execution Flow T1548 - Abuse Elevation Control Mechanism

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://www.osvdb.org/7209

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/5757

Exploit, Patch, Vendor Advisory vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/1769

Exploit, Patch, Vendor Advisory vendor-advisory x_refsource_atstake

http://www.atstake.com/research/advisories/2000/a100900-1.txt

Scores

EPSS 0.0411

EPSS Percentile 89.5%

Details

Status published

Products (1)

netscape/iplanet_ical 2.1 patch2

Published Dec 11, 2000

Tracked Since Feb 18, 2026