CVE-2001-0823

PCP <2.2.1-3 - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2001-0823. PoCs published by IhaQueR.

AI-analyzed exploit summary This exploit leverages a symbolic link vulnerability in the setuid root binary 'pmpost' from Performance Co-Pilot (PCP) to overwrite /etc/passwd and gain root privileges. It creates a malicious entry in the passwd file by abusing the PCP_LOG_DIR environment variable.

Description

The pmpost program in Performance Co-Pilot (PCP) before 2.2.1-3 allows a local user to gain privileges via a symlink attack on the NOTICES file in the PCP log directory (PCP_LOG_DIR).

Exploits (1)

exploitdb WORKING POC VERIFIED

by IhaQueR · clocalirix

https://www.exploit-db.com/exploits/20937

View Code ZIP pw:eip

This exploit leverages a symbolic link vulnerability in the setuid root binary 'pmpost' from Performance Co-Pilot (PCP) to overwrite /etc/passwd and gain root privileges. It creates a malicious entry in the passwd file by abusing the PCP_LOG_DIR environment variable.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Trivial

Reliability

Reliable

Target: Performance Co-Pilot (PCP) <= 2.1.11-5

No auth needed

Prerequisites: pmpost installed setuid root · write access to /tmp

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1548.001 - Setuid and Setgid

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5

Core References

Mailing List mailing-list x_refsource_bugtraq

http://marc.info/?l=bugtraq&m=99290754901708&w=2

Patch, Vendor Advisory mailing-list x_refsource_bugtraq

http://archives.neohapsis.com/archives/bugtraq/2001-06/0245.html

Exploit, Patch, Vendor Advisory vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/2887

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/6724

Patch vendor-advisory x_refsource_sgi

ftp://patches.sgi.com/support/free/security/advisories/20010601-01-A

Scores

EPSS 0.0097

EPSS Percentile 57.5%

Details

Status published

Products (12)

sgi/performance_co-pilot 2.1.1

sgi/performance_co-pilot 2.1.2

sgi/performance_co-pilot 2.1.3

sgi/performance_co-pilot 2.1.4

sgi/performance_co-pilot 2.1.5

sgi/performance_co-pilot 2.1.6

sgi/performance_co-pilot 2.1.7

sgi/performance_co-pilot 2.1.8

sgi/performance_co-pilot 2.1.9

sgi/performance_co-pilot 2.1.10

... and 2 more

Published Dec 06, 2001

Tracked Since Feb 18, 2026