CVE-2002-1814

Bonobo - Buffer Overflow via Long Command Line Arguments

Title source: llm

Exploitation Summary

EIP tracks 3 public exploits for CVE-2002-1814. PoCs published by N4rK07IX, andrea lisci, clorox.

AI-analyzed exploit summary This exploit targets a buffer overflow vulnerability in the efstool program (CVE-2002-1814) on Mandrake Linux 9.0. It overwrites the return address with a crafted payload to execute arbitrary shellcode, leading to local privilege escalation.

Description

Buffer overflow in efstools in Bonobo, when installed setuid, allows local users to execute arbitrary code via long command line arguments.

Exploits (3)

exploitdb WORKING POC VERIFIED

by N4rK07IX · clocallinux

https://www.exploit-db.com/exploits/21585

View Code ZIP pw:eip

This exploit targets a buffer overflow vulnerability in the efstool program (CVE-2002-1814) on Mandrake Linux 9.0. It overwrites the return address with a crafted payload to execute arbitrary shellcode, leading to local privilege escalation.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: efstool (libefs1-1.0.20-4mdk)

No auth needed

Prerequisites: efstool must be installed and preferably setuid root · local access to the target system

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC VERIFIED

by andrea lisci · perllocallinux

https://www.exploit-db.com/exploits/21584

View Code ZIP pw:eip

This exploit targets a buffer overflow vulnerability in the efstool program (part of Bonobo/Gnome) by supplying a long command-line argument. It overwrites stack memory to execute arbitrary shellcode, granting a local root shell.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: efstool (Bonobo/Gnome) - version not specified

No auth needed

Prerequisites: Local access to the target system · efstool binary present and vulnerable

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC VERIFIED

by clorox · perllocallinux

https://www.exploit-db.com/exploits/21583

View Code ZIP pw:eip

This exploit targets a buffer overflow vulnerability in the efstool program (part of Bonobo/Gnome) by supplying a long command-line argument to overwrite stack memory and execute arbitrary shellcode. It includes two methods with different buffer sizes and shellcode variants for reliability.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: efstool (Bonobo/Gnome) versions prior to the fix for CVE-2002-1814

No auth needed

Prerequisites: Local access to the target system · Presence of vulnerable efstool binary · Ability to execute the exploit script

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Exploit x_refsource_misc

http://www.securiteam.com/exploits/5AP0E0K8AO.html

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://online.securityfocus.com/archive/1/279676

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/5125

Third Party Advisory vdb-entry x_refsource_xf

http://www.iss.net/security_center/static/9451.php

Scores

EPSS 0.0112

EPSS Percentile 61.9%

Details

Status published

Products (8)

gnome/bonobo

mandrakesoft/mandrake_linux 7.1

mandrakesoft/mandrake_linux 8.0 (2 CPE variants)

mandrakesoft/mandrake_linux 9.0

redhat/linux 6.2 (3 CPE variants)

redhat/linux 7.0 (3 CPE variants)

redhat/linux 7.1 (3 CPE variants)

slackware/slackware_linux 8.0

Published Dec 31, 2002

Tracked Since Feb 18, 2026