CVE-2003-0497

Caché Database 5.x - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2003-0497. PoCs published by Larry W. Cashdollar.

AI-analyzed exploit summary This exploit leverages insecure default permissions on InterSystems Cache files and directories to overwrite the 'cache' binary with a shell (ash), then executes it via the setuid 'cuxs' binary to gain root privileges.

Description

Caché Database 5.x installs /cachesys/bin/cache with world-writable permissions, which allows local users to gain privileges by modifying cache and executing it via cuxs.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Larry W. Cashdollar · textlocallinux

https://www.exploit-db.com/exploits/22847

View Code ZIP pw:eip

This exploit leverages insecure default permissions on InterSystems Cache files and directories to overwrite the 'cache' binary with a shell (ash), then executes it via the setuid 'cuxs' binary to gain root privileges.

Classification

Working Poc 90%

Attack Type

Lpe

Complexity

Trivial

Reliability

Reliable

Target: InterSystems Cache 5.0.2.607.1_linux_su.tar

No auth needed

Prerequisites: Local access to the system · Presence of the vulnerable InterSystems Cache installation with insecure permissions

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1548.001 - Setuid and Setgid

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Various Sources third-party-advisory x_refsource_idefense

http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?id=7

Various Sources x_refsource_confirm

https://www.intersystems.com/support-learning/support/product-news-alerts/support-alerts-2003/

Scores

EPSS 0.0079

EPSS Percentile 51.3%

Details

CWE

CWE-264

Status published

Products (1)

intersystems/cache_database 5

Published Aug 07, 2003

Tracked Since Feb 18, 2026