CVE-2000-1095

modutils 2.3.x - Command Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2000-1095. PoCs published by Michal Zalewski.

AI-analyzed exploit summary This exploit leverages a command injection vulnerability in modprobe (CVE-2000-1095) via the ping utility to gain root access on RedHat 7.0 systems. It manipulates the -I parameter to execute arbitrary commands through shell metacharacters, ultimately spawning a root shell.

Description

modprobe in the modutils 2.3.x package on Linux systems allows a local user to execute arbitrary commands via shell metacharacters.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Michal Zalewski · bashlocallinux
https://www.exploit-db.com/exploits/20402

This exploit leverages a command injection vulnerability in modprobe (CVE-2000-1095) via the ping utility to gain root access on RedHat 7.0 systems. It manipulates the -I parameter to execute arbitrary commands through shell metacharacters, ultimately spawning a root shell.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: modutils (modprobe) on RedHat Linux 7.0
No auth needed
Prerequisites: setuid ping utility · kmod enabled · RedHat Linux 7.0 or similar environment
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (8)

Core 8
Core References
Exploit, Patch, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/1936
Patch, Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2000-108.html
Various Sources vendor-advisory x_refsource_mandrake
http://www.linux-mandrake.com/en/security/MDKSA-2000-071-1.php3?dis=7.1
Third Party Advisory vendor-advisory x_refsource_suse
http://archives.neohapsis.com/archives/linux/suse/2000-q4/0596.html
Third Party Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2000-11/0179.html
Vendor Advisory vendor-advisory x_refsource_conectiva
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000340
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2000/20001120
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/5516

Scores

EPSS 0.0111
EPSS Percentile 61.5%

Details

Status published
Products (7)
conectiva/linux 5.1
immunix/immunix 6.2
immunix/immunix 7.0_beta
mandrakesoft/mandrake_linux 7.2
redhat/linux 7.0
suse/suse_linux 6.4
suse/suse_linux 7.0
Published Jan 09, 2001
Tracked Since Feb 18, 2026