CVE-2001-0169
Mandrake Linux - Arbitrary File Write via LD_PRELOAD Environment Variable
Exploitation Summary
EIP tracks 1 public exploit for CVE-2001-0169. PoCs published by Shadow.
AI-analyzed exploit summary: This exploit leverages the LD_PRELOAD environment variable vulnerability (CVE-2001-0169) to create a malicious shared library load path, forcing the 'userhelper' binary to execute arbitrary code. It writes a script to /etc/initscript that copies a SUID root shell to /var/tmp/.nothing, enabling privilege escalation.
Description
When using the LD_PRELOAD environmental variable in SUID or SGID applications, glibc does not verify that preloaded libraries in /etc/ld.so.cache are also SUID/SGID, which could allow a local user to overwrite arbitrary files by loading a library from /lib or /usr/lib.