CVE-2001-0084

GTK+ - Privilege Escalation via GTK_MODULES Environment Variable

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2001-0084. PoCs published by V9.

AI-analyzed exploit summary This exploit leverages the GTK_MODULES environment variable to load a malicious module, achieving local privilege escalation by executing arbitrary code with the privileges of a setuid GTK+ application. The PoC compiles a fake module that spawns a shell upon loading.

Description

GTK+ library allows local users to specify arbitrary modules via the GTK_MODULES environmental variable, which could allow local users to gain privileges if GTK+ is used by a setuid/setgid program.

Exploits (1)

exploitdb WORKING POC VERIFIED
by V9 · clocalunix
https://www.exploit-db.com/exploits/20526

This exploit leverages the GTK_MODULES environment variable to load a malicious module, achieving local privilege escalation by executing arbitrary code with the privileges of a setuid GTK+ application. The PoC compiles a fake module that spawns a shell upon loading.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: GTK+ (versions affected by CVE-2001-0084)
No auth needed
Prerequisites: Access to a setuid GTK+ binary · Valid X11 display · GCC compiler
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Exploit, Patch, Third Party Advisory, VDB Entry, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/2165
Exploit mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2000-12/0498.html
Third Party Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2001-01/0027.html
Third Party Advisory x_refsource_misc
http://www.gtk.org/setuid.html

Scores

EPSS 0.0122
EPSS Percentile 64.7%

Details

Status published
Products (1)
gnome/gtk 1.2.8
Published Feb 12, 2001
Tracked Since Feb 18, 2026