CVE-2003-0947

wireless_tools - Buffer Overflow via Long OUT Environment Variable

Exploitation Summary

EIP tracks 4 public exploits for CVE-2003-0947. PoCs published by heka, NrAziz, axis.

AI-analyzed exploit summary: This exploit targets a buffer overflow vulnerability in iwconfig (CVE-2003-0947) to achieve local privilege escalation. It overwrites the return address with a shellcode payload that spawns a root shell.

Description

Buffer overflow in iwconfig, when installed setuid, allows local users to execute arbitrary code via a long OUT environment variable.

Exploits (4)

exploitdb WORKING POC VERIFIED
by heka · c · local · linux
https://www.exploit-db.com/exploits/23300

This exploit targets a buffer overflow vulnerability in iwconfig (CVE-2003-0947) to achieve local privilege escalation. It overwrites the return address with a shellcode payload that spawns a root shell.

Classification: Working PoC 95%
Attack Type: LPE
Complexity: Moderate
Reliability: Reliable
Target: iwconfig (wireless-tools)
No auth needed
Prerequisites: Local access to the target system · iwconfig binary present and vulnerable
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by NrAziz · c · local · linux
https://www.exploit-db.com/exploits/23301

This exploit leverages a buffer overflow in iwconfig when handling large strings as interface parameters. It overwrites the return address with a hardcoded stack address (0xbffffc3f) and executes shellcode to spawn a shell, achieving local privilege escalation.

Classification: Working PoC 95%
Attack Type: LPE
Complexity: Moderate
Reliability: Racy
Target: iwconfig (wireless-tools package, versions prior to fix for CVE-2003-0947)
No auth needed
Prerequisites: Local access to the target system · iwconfig binary with vulnerable version · Stack address predictability (ASLR not present or bypassed)
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by axis · c · local · linux
https://www.exploit-db.com/exploits/23299

This exploit targets a local privilege escalation vulnerability in iwconfig (CVE-2003-0947) by overflowing a buffer with a crafted environment variable and shellcode. The shellcode executes a shell, potentially granting elevated privileges.

Classification: Working PoC 95%
Attack Type: LPE
Complexity: Moderate
Reliability: Reliable
Target: iwconfig (version not specified)
No auth needed
Prerequisites: Local access to the target system · iwconfig installed with vulnerable version
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC
c · local · linux
https://www.exploit-db.com/exploits/1215

This exploit targets a buffer overflow vulnerability in iwconfig version 26, leveraging a setuid binary to achieve local privilege escalation. It uses a 45-byte shellcode to spawn a shell and manipulates the environment variables to trigger the overflow.

Classification: Working PoC 95%
Attack Type: LPE
Complexity: Moderate
Reliability: Reliable
Target: iwconfig version 26
No auth needed
Prerequisites: iwconfig binary must be setuid root · target system must be running iwconfig version 26
devstral-2 · analyzed Feb 19, 2026

References (1)

Core References
Exploit, Mailing List, Third Party Advisory mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=106867458902521&w=2

Scores

EPSS 0.0009
EPSS Percentile 25.9%

Details

CWE
CWE-120
Status published
Products (8)
wireless_tools_project/wireless_tools 19
wireless_tools_project/wireless_tools 20
wireless_tools_project/wireless_tools 21
wireless_tools_project/wireless_tools 22
wireless_tools_project/wireless_tools 23
wireless_tools_project/wireless_tools 24
wireless_tools_project/wireless_tools 25
wireless_tools_project/wireless_tools 26
Published Dec 15, 2003
Tracked Since Feb 18, 2026