CVE-2001-0915

Berkeley parallel make <2.1.33 - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2001-0915. PoCs published by IhaQueR@IRCnet.

AI-analyzed exploit summary This exploit targets a format string vulnerability in Parallel Make (pmake) <= 2.1.33, allowing arbitrary memory writes via the .SHELL variable in a Makefile. It leverages this to overwrite the return address and execute arbitrary code with root privileges if pmake is setuid root.

Description

Format string vulnerability in Berkeley parallel make (pmake) 2.1.33 and earlier allows a local user to gain root privileges via format specifiers in the check argument of a shell definition.

Exploits (1)

exploitdb WORKING POC VERIFIED

by IhaQueR@IRCnet · clocallinux

https://www.exploit-db.com/exploits/21158

View Code ZIP pw:eip

This exploit targets a format string vulnerability in Parallel Make (pmake) <= 2.1.33, allowing arbitrary memory writes via the .SHELL variable in a Makefile. It leverages this to overwrite the return address and execute arbitrary code with root privileges if pmake is setuid root.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Complex

Reliability

Reliable

Target: Parallel Make (pmake) <= 2.1.33

No auth needed

Prerequisites: pmake installed with setuid root · ability to execute pmake locally

MITRE ATT&CK

T1203 - Exploitation for Client Execution T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Mailing List mailing-list x_refsource_bugtraq

http://marc.info/?l=bugtraq&m=100638919720975&w=2

Third Party Advisory vdb-entry x_refsource_xf

http://www.iss.net/security_center/static/7602.php

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/3572

Scores

EPSS 0.0070

EPSS Percentile 48.2%

Details

Status published

Products (1)

berkeley/pmake < 2.1.33

Published Nov 21, 2001

Tracked Since Feb 18, 2026