CVE-2001-0623

sendfile - Privilege Escalation via Notification Email Handling

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2001-0623. PoCs published by psheep, Cade Cairns.

AI-analyzed exploit summary: This exploit leverages a privilege escalation vulnerability in the Sendfile daemon (SAFT protocol) by injecting arbitrary commands into a user's configuration file, leading to execution with elevated privileges. It compiles helper binaries to achieve a root shell via setuid manipulation.

Description

sendfiled, as included with Simple Asynchronous File Transfer (SAFT), on various Linux systems does not properly drop privileges when sending notification emails, which allows local attackers to gain privileges.

Exploits (2)

exploitdb · WORKING POC · VERIFIED
by psheep · bash · local · linux
https://www.exploit-db.com/exploits/20795

This exploit leverages a privilege escalation vulnerability in the Sendfile daemon (SAFT protocol) by injecting arbitrary commands into a user's configuration file, leading to execution with elevated privileges. It compiles helper binaries to achieve a root shell via setuid manipulation.

Classification: Working PoC 95%
Attack Type: LPE
Complexity: Moderate
Reliability: Reliable
Target: Sendfile daemon (SAFT protocol implementation)
No auth needed
Prerequisites: Local access to the system · Sendfile daemon running · Write access to the spool directory
devstral-2 · analyzed Feb 16, 2026

exploitdb · WORKING POC · VERIFIED
by Cade Cairns · bash · local · linux
https://www.exploit-db.com/exploits/20798

This exploit leverages a serialization error in the Sendfile daemon (sendfiled) to execute arbitrary commands as root. It manipulates the configuration file to insert a malicious notification command, which triggers the execution of a suid root shell wrapper.

Classification: Working PoC 95%
Attack Type: LPE
Complexity: Moderate
Reliability: Reliable
Target: Sendfile daemon (sendfiled) with SAFT protocol
No auth needed
Prerequisites: Local access to the system · Sendfile daemon running · Write access to the spool directory
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2001/dsa-050
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/6430
Patch, Vendor Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2001/dsa-052

Scores

EPSS 0.0080
EPSS Percentile 51.9%

Details

Status published
Products (1)
sendfile/sendfile
Published Aug 02, 2001
Tracked Since Feb 18, 2026