CVE-2003-0840

HP-UX 11.00 - Local Privilege Escalation via DISPLAY Environment Variable

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2003-0840. PoCs published by Davide Del Vecchio.

AI-analyzed exploit summary This exploit leverages a buffer overflow in dtprintinfo by setting the DISPLAY environment variable to a string exceeding 9777 bytes, potentially allowing local privilege escalation to root.

Description

Buffer overflow in dtprintinfo on HP-UX 11.00, and possibly other operating systems, allows local users to gain root privileges via a long DISPLAY environment variable.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Davide Del Vecchio · textdoshp-ux

https://www.exploit-db.com/exploits/23236

View Code ZIP pw:eip

This exploit leverages a buffer overflow in dtprintinfo by setting the DISPLAY environment variable to a string exceeding 9777 bytes, potentially allowing local privilege escalation to root.

Classification

Working Poc 90%

Attack Type

Lpe

Complexity

Trivial

Reliability

Reliable

Target: dtprintinfo (setuid root)

No auth needed

Prerequisites: Local access to the system · dtprintinfo installed setuid root

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Mailing List mailing-list x_refsource_bugtraq

http://marc.info/?l=bugtraq&m=106563181313571&w=2

Scores

EPSS 0.0094

EPSS Percentile 56.4%

Details

Status published

Products (1)

hp/hp-ux 11.00

Published Nov 17, 2003

Tracked Since Feb 18, 2026