CVE-2001-1077

rxvt 2.6.2 - Local Privilege Escalation via Long -T or -name Argument

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2001-1077. PoCs published by MasterSecuritY.

AI-analyzed exploit summary This exploit targets a buffer overflow vulnerability in rxvt 2.6.2 by passing a long command-line argument to execute arbitrary code with elevated privileges (setgid 'utmp'). It compiles and runs a helper binary to spawn a shell.

Description

Buffer overflow in tt_printf function of rxvt 2.6.2 allows local users to gain privileges via a long (1) -T or (2) -name argument.

Exploits (1)

exploitdb WORKING POC VERIFIED

by MasterSecuritY · bashlocallinux

https://www.exploit-db.com/exploits/20928

View Code ZIP pw:eip

This exploit targets a buffer overflow vulnerability in rxvt 2.6.2 by passing a long command-line argument to execute arbitrary code with elevated privileges (setgid 'utmp'). It compiles and runs a helper binary to spawn a shell.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: rxvt 2.6.2

No auth needed

Prerequisites: Local access to the target system · rxvt installed with setgid 'utmp' · X11 display access

MITRE ATT&CK