CVE-2002-0824

Freebsd Point-to-point Protocol Daemon - Symlink Following

Title source: rule

Exploitation Summary

EIP tracks 1 public exploit for CVE-2002-0824. PoCs published by Sebastian Krahmer.

AI-analyzed exploit summary This exploit targets a race condition in the pppd daemon on BSD systems, allowing local privilege escalation by manipulating file permissions on /etc/crontab. The PoC creates a symlink race to inject a cron job that sets the SUID bit on a malicious binary.

Description

BSD pppd allows local users to change the permissions of arbitrary files via a symlink attack on a file that is specified as a tty device.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Sebastian Krahmer · perllocalbsd

https://www.exploit-db.com/exploits/21669

View Code ZIP pw:eip

This exploit targets a race condition in the pppd daemon on BSD systems, allowing local privilege escalation by manipulating file permissions on /etc/crontab. The PoC creates a symlink race to inject a cron job that sets the SUID bit on a malicious binary.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Moderate

Reliability

Racy

Target: pppd (OpenBSD 3.0, 3.1, and potentially other BSD distributions)

No auth needed

Prerequisites: Local access to the target system · pppd installed and accessible

MITRE ATT&CK