CVE-2003-0388

Linux-PAM 0.78 - Privilege Escalation

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2003-0388. PoCs published by Karol Wiesek.

AI-analyzed exploit summary This exploit leverages a misconfiguration in the Linux-PAM pam_wheel module to bypass authentication for the 'su' utility. By spoofing the login name via symlink manipulation of /dev/tty, an attacker can impersonate a wheel group member and gain root access.

Description

pam_wheel in Linux-PAM 0.78, with the trust option enabled and the use_uid option disabled, allows local users to spoof log entries and gain privileges by causing getlogin() to return a spoofed user name.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Karol Wiesek · textlocallinux
https://www.exploit-db.com/exploits/22781

This exploit leverages a misconfiguration in the Linux-PAM pam_wheel module to bypass authentication for the 'su' utility. By spoofing the login name via symlink manipulation of /dev/tty, an attacker can impersonate a wheel group member and gain root access.

Classification
Working Poc 90%
Attack Type
Lpe
Complexity
Trivial
Reliability
Reliable
Target: Linux-PAM pam_wheel module (versions with misconfiguration)
No auth needed
Prerequisites: Local access to the system · pam_wheel module configured to allow wheel group members to use 'su' without credentials · pam_wheel not configured to verify UID
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit, Patch, Vendor Advisory x_refsource_misc
http://www.idefense.com/advisory/06.16.03.txt
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=105577915506761&w=2
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2004-304.html

Scores

EPSS 0.0090
EPSS Percentile 54.9%

Details

Status published
Products (1)
andrew_morgan/linux_pam < 0.77
Published Jul 24, 2003
Tracked Since Feb 18, 2026