CVE-2002-0817

super for Linux - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2002-0817. PoCs published by gobbles.

AI-analyzed exploit summary This exploit leverages a format string vulnerability in the 'super' command (version 3.18) due to improper use of syslog(). It allows local privilege escalation by corrupting memory via format specifiers, targeting the .dtors section to overwrite arbitrary memory locations.

Description

Format string vulnerability in super for Linux allows local users to gain root privileges via a long command line argument.

Exploits (1)

exploitdb WORKING POC VERIFIED

by gobbles · clocallinux

https://www.exploit-db.com/exploits/21674

View Code ZIP pw:eip

This exploit leverages a format string vulnerability in the 'super' command (version 3.18) due to improper use of syslog(). It allows local privilege escalation by corrupting memory via format specifiers, targeting the .dtors section to overwrite arbitrary memory locations.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: super (version 3.18)

No auth needed

Prerequisites: Local access to the system · Presence of vulnerable 'super' binary compiled with syslog support

MITRE ATT&CK