CVE-2001-0459

AfterStep ascdc - Local Privilege Escalation via Long Command Line Option

Exploitation Summary

EIP tracks 2 public exploits for CVE-2001-0459. PoCs published by the itch and anonymous.

AI-analyzed exploit summary: This exploit targets a buffer overflow vulnerability in ascdc (version 0.3-2-i386) via the -c, -d, or -m arguments, allowing arbitrary code execution. It leverages environment variables to overwrite the return address and execute shellcode, potentially gaining elevated privileges if ascdc is installed setuid.

Description

Buffer overflows in ascdc Afterstep while running setuid allow local users to gain root privileges via a long (1) -d option, (2) -m option, or (3) -f option.

Exploits (2)

exploitdb WORKING POC VERIFIED
by the itch · c · local · unix
https://www.exploit-db.com/exploits/20679

This exploit targets a buffer overflow vulnerability in ascdc (version 0.3-2-i386) via the -c, -d, or -m arguments, allowing arbitrary code execution. It leverages environment variables to overwrite the return address and execute shellcode, potentially gaining elevated privileges if ascdc is installed setuid.

Classification: Working PoC 95%
Attack Type: LPE
Complexity: Moderate
Reliability: Reliable
Target: ascdc 0.3-2-i386
No auth needed
Prerequisites: ascdc installed setuid root · ability to execute the binary on the target system
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by anonymous · c · local · unix
https://www.exploit-db.com/exploits/20678

This exploit targets a buffer overflow vulnerability in ascdc (CVE-2001-0459) via the -d argument, allowing arbitrary code execution. It uses a NOP sled and shellcode to spawn a shell, leveraging insufficient bounds checking in the program.

Classification: Working PoC 95%
Attack Type: LPE
Complexity: Moderate
Reliability: Reliable
Target: ascdc (version not specified)
No auth needed
Prerequisites: ascdc installed setuid · ability to execute the binary
devstral-2 · analyzed Feb 16, 2026

References (2)

Core References
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=98408897106411&w=2
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/6204

Scores

EPSS 0.0078
EPSS Percentile 51.0%

Details

Status published
Products (2)
afterstep.org/afterstep
rob_malda/ascdc 0.3
Published Jun 27, 2001
Tracked Since Feb 18, 2026