CVE-2002-0499

Linux kernel <2.2.20 & <2.4.18 - Path Traversal

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2002-0499. PoCs published by cliph.

AI-analyzed exploit summary This exploit demonstrates a vulnerability in the Linux kernel's d_path() function where a path exceeding PATH_MAX characters is truncated without error, potentially leading to information leakage or path manipulation. The PoC creates a deep directory structure to trigger the bug and observes the truncated output.

Description

The d_path function in Linux kernel 2.2.20 and earlier, and 2.4.18 and earlier, truncates long pathnames without generating an error, which could allow local users to force programs to perform inappropriate operations on the wrong directories.

Exploits (1)

exploitdb WORKING POC VERIFIED

by cliph · clocallinux

https://www.exploit-db.com/exploits/21353

View Code ZIP pw:eip

This exploit demonstrates a vulnerability in the Linux kernel's d_path() function where a path exceeding PATH_MAX characters is truncated without error, potentially leading to information leakage or path manipulation. The PoC creates a deep directory structure to trigger the bug and observes the truncated output.

Classification

Working Poc 90%

Attack Type

Info Leak

Complexity

Moderate

Reliability

Reliable

Target: Linux kernel 2.2.x/2.4.x

No auth needed

Prerequisites: Access to a vulnerable Linux kernel (2.2.x/2.4.x) · Permission to create directories in /tmp

MITRE ATT&CK

T1083 - File and Directory Discovery

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5

Core References

Third Party Advisory mailing-list x_refsource_vulnwatch

http://archives.neohapsis.com/archives/vulnwatch/2002-q1/0074.html

Vendor Advisory vdb-entry x_refsource_xf

http://www.iss.net/security_center/static/8634.php

Exploit, Vendor Advisory vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/4367

Various Sources x_refsource_misc

http://www.cs.helsinki.fi/linux/linux-kernel/2002-13/0054.html

Vendor Advisory mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/264117

Scores

EPSS 0.0097

EPSS Percentile 57.5%

Details

Status published

Products (42)

linux/linux_kernel 2.2.0

linux/linux_kernel 2.2.1

linux/linux_kernel 2.2.2

linux/linux_kernel 2.2.3

linux/linux_kernel 2.2.4

linux/linux_kernel 2.2.5

linux/linux_kernel 2.2.6

linux/linux_kernel 2.2.7

linux/linux_kernel 2.2.8

linux/linux_kernel 2.2.9

... and 32 more

Published Aug 12, 2002

Tracked Since Feb 18, 2026