CVE-2002-0333

xtell < 1.91.1 and 2.x < 2.7 - Directory Traversal via TTY Argument

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2002-0333. PoCs published by spybreak.

AI-analyzed exploit summary This exploit leverages an information disclosure vulnerability in xtell by sending a maliciously formatted message to determine if a user is logged in without displaying or logging the message. The PoC uses a Perl command to generate a long string of 'A's and sends it via netcat to the target host on port 4224.

Description

Directory traversal vulnerability in xtell (xtelld) 1.91.1 and earlier, and 2.x before 2.7, allows remote attackers to read files with short names, and local users to read more files using a symlink with a short name, via a .. in the TTY argument.

Exploits (1)

exploitdb WORKING POC VERIFIED
by spybreak · textremotelinux
https://www.exploit-db.com/exploits/21310

This exploit leverages an information disclosure vulnerability in xtell by sending a maliciously formatted message to determine if a user is logged in without displaying or logging the message. The PoC uses a Perl command to generate a long string of 'A's and sends it via netcat to the target host on port 4224.

Classification
Working Poc 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: xtell (versions unspecified, likely older versions)
No auth needed
Prerequisites: Network access to the target host on port 4224 · xtell service running on the target host
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=101494896516467&w=2
Patch, Vendor Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2002/dsa-121
Exploit, Patch, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/4194
Exploit, Patch, Vendor Advisory vdb-entry x_refsource_xf
http://www.iss.net/security_center/static/8313.php

Scores

EPSS 0.0263
EPSS Percentile 83.6%

Details

Status published
Products (2)
xtell/xtell 1.91.1
xtell/xtell 2.6.1
Published Jun 25, 2002
Tracked Since Feb 18, 2026