CVE-2002-0137

CDRDAO <1.1.5 - Local Privilege Escalation

Exploitation Summary

EIP tracks 4 public exploits for CVE-2002-0137. PoCs published by Karol Wiesek, anonymous, atomi.

AI-analyzed exploit summary: This exploit leverages a symbolic link attack in CDRDAO (setuid root) to overwrite /etc/ld.so.preload, enabling arbitrary command execution as root via a malicious shared library. It creates a setuid shell for privilege escalation.

Description

CDRDAO 1.1.4 and 1.1.5 allow local users to overwrite arbitrary files via a symlink attack on the $HOME/.cdrdao configuration file.

Exploits (4)

exploitdb WORKING POC VERIFIED
by Karol Wiesek · bash · local · linux
https://www.exploit-db.com/exploits/21219

This exploit leverages a symbolic link attack in CDRDAO (setuid root) to overwrite /etc/ld.so.preload, enabling arbitrary command execution as root via a malicious shared library. It creates a setuid shell for privilege escalation.

Classification: Working PoC (100%)
Attack Type: LPE
Complexity: Moderate
Reliability: Reliable
Target: CDRDAO (versions prior to fix for CVE-2002-0137)
No auth needed
Prerequisites: cdrdao installed setuid root · /etc/ld.so.preload does not exist · /bin/su is setuid
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by anonymous · bash · local · linux
https://www.exploit-db.com/exploits/21218

This exploit leverages a symbolic link vulnerability in CDRDAO (CVE-2002-0137) to overwrite root-owned files, specifically targeting /etc/ld.so.preload to achieve local privilege escalation. It compiles a shared library to hook getuid() and a shell program to spawn a root shell.

Classification: Working PoC (95%)
Attack Type: LPE
Complexity: Moderate
Reliability: Reliable
Target: CDRDAO (versions prior to fix for CVE-2002-0137)
No auth needed
Prerequisites: cdrdao installed with setuid root · write access to /tmp · ability to execute cdrdao
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by atomi · bash · local · linux
https://www.exploit-db.com/exploits/21217

This exploit leverages a symbolic link vulnerability in CDRDAO (setuid root) to overwrite root-owned files, specifically creating a cron job that compiles and executes a setuid root shell. The attack involves manipulating the .cdrdao configuration file to achieve local privilege escalation.

Classification: Working PoC (95%)
Attack Type: LPE
Complexity: Moderate
Reliability: Reliable
Target: CDRDAO (versions prior to fix for CVE-2002-0137)
No auth needed
Prerequisites: CDRDAO installed with setuid root · Write access to user's home directory · Ability to create symbolic links
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by anonymous · bash · local · linux
https://www.exploit-db.com/exploits/21216

This exploit leverages a symbolic link vulnerability in CDRDAO (setuid root) to overwrite root-owned files or execute commands as root. It creates a malicious .toc file and uses cdrdao's show-data command to read arbitrary files, demonstrating the vulnerability.

Classification: Working PoC (90%)
Attack Type: LPE
Complexity: Moderate
Reliability: Reliable
Target: CDRDAO (versions prior to fix for CVE-2002-0137)
No auth needed
Prerequisites: cdrdao installed setuid root · ability to create symbolic links in the user's home directory
devstral-2 · analyzed Feb 16, 2026

References (2)

Core References
Mailing List (mailing-list, x_refsource_bugtraq): http://marc.info/?l=bugtraq&m=101102759631000&w=2
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_bid): http://www.securityfocus.com/bid/3865

Scores

EPSS 0.0075
EPSS Percentile 50.2%

Details

Status published
Products (2)
andreas_mueller/cdrdao 1.1.4
andreas_mueller/cdrdao 1.1.5
Published Mar 25, 2002
Tracked Since Feb 18, 2026