CVE-2002-0851

isdn4linux - Local Privilege Escalation via Format String in ipppd Device Name Argument

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2002-0851. PoCs published by TESO Security, Gobbles Security.

AI-analyzed exploit summary This exploit targets a format string vulnerability in the ipppd utility of isdn4linux, which is installed with setuid root privileges. It manipulates the GOT entry of syslog() to redirect execution to a fixed stack address containing shellcode, achieving local privilege escalation.

Description

Format string vulnerability in ISDN Point to Point Protocol (PPP) daemon (ipppd) in the ISDN4Linux (i4l) package allows local users to gain root privileges via format strings in the device name command line argument, which is not properly handled in a call to syslog.

Exploits (2)

exploitdb WORKING POC VERIFIED

by TESO Security · perllocallinux

https://www.exploit-db.com/exploits/21701

View Code ZIP pw:eip

This exploit targets a format string vulnerability in the ipppd utility of isdn4linux, which is installed with setuid root privileges. It manipulates the GOT entry of syslog() to redirect execution to a fixed stack address containing shellcode, achieving local privilege escalation.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Complex

Reliability

Reliable

Target: isdn4linux ipppd (versions with vulnerable syslog usage)

No auth needed

Prerequisites: Local access to the system · ipppd installed with setuid root privileges

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC VERIFIED

by Gobbles Security · clocallinux

https://www.exploit-db.com/exploits/21700

View Code ZIP pw:eip

This exploit targets a format string vulnerability in the ipppd utility of isdn4linux, which is installed setuid root on SuSE 8.0. It leverages the vulnerability to execute arbitrary code with root privileges by overwriting the .dtors section.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: isdn4linux-utils (ipppd) on SuSE 8.0

No auth needed

Prerequisites: Access to a system with isdn4linux-utils installed setuid root · User must be in the 'dialout' group

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Patch, Vendor Advisory vdb-entry x_refsource_xf

http://www.iss.net/security_center/static/9811.php

Exploit, Vendor Advisory mailing-list x_refsource_vulnwatch

http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0068.html

Exploit, Patch, Vendor Advisory vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/5437

Scores

EPSS 0.0105

EPSS Percentile 59.9%

Details

Status published

Products (1)

isdn4linux/isdn4linux 3.1_pre1

Published Sep 05, 2002

Tracked Since Feb 18, 2026