CVE-2003-0961

EXPLOITED

Linux kernel <2.4.22 - Privilege Escalation

Title source: llm

Exploitation Summary

CVE-2003-0961 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 2 public exploits from researchers including Wojciech Purczynski, Christophe Devine.

AI-analyzed exploit summary This exploit targets a Linux kernel vulnerability (CVE-2003-0961) in the do_brk system call, allowing local privilege escalation by manipulating memory mappings and LDT entries to execute arbitrary kernel code.

Description

Integer overflow in the do_brk function for the brk system call in Linux kernel 2.4.22 and earlier allows local users to gain root privileges.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Wojciech Purczynski · clocallinux

https://www.exploit-db.com/exploits/131

View Code ZIP pw:eip

This exploit targets a Linux kernel vulnerability (CVE-2003-0961) in the do_brk system call, allowing local privilege escalation by manipulating memory mappings and LDT entries to execute arbitrary kernel code.

Classification

Working Poc 100%

Attack Type

Lpe

Complexity

Complex

Reliability

Reliable

Target: Linux kernel (versions prior to 2.4.23 and 2.6.0)

No auth needed

Prerequisites: Local access to the vulnerable system · Kernel version vulnerable to CVE-2003-0961

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1055 - Process Injection

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC VERIFIED

by Christophe Devine · assemblylocallinux

https://www.exploit-db.com/exploits/129

View Code ZIP pw:eip

This exploit leverages a vulnerability in the Linux kernel's `brk` system call to bypass memory checks by using a high virtual address. It also relocates the stack to ensure successful exploitation, targeting local privilege escalation (LPE).

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: Linux kernel (versions affected by CVE-2003-0961)

No auth needed

Prerequisites: Local access to the target system · Vulnerable Linux kernel version

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1055 - Process Injection

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (25)

Core 25

Core References

US Government Resource third-party-advisory x_refsource_cert-vn

http://www.kb.cert.org/vuls/id/301156

Patch, Vendor Advisory vendor-advisory x_refsource_redhat

http://www.redhat.com/support/errata/RHSA-2003-389.html

Vendor Advisory vendor-advisory x_refsource_mandrake

http://www.mandriva.com/security/advisories?name=MDKSA-2003:110

Vendor Advisory vendor-advisory x_refsource_redhat

http://www.redhat.com/support/errata/RHSA-2003-368.html

Third Party Advisory vendor-advisory x_refsource_debian

http://www.debian.org/security/2004/dsa-475

Third Party Advisory vendor-advisory x_refsource_debian

http://www.debian.org/security/2004/dsa-470

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/10330

Third Party Advisory vendor-advisory x_refsource_debian

http://www.debian.org/security/2004/dsa-433

Third Party Advisory vendor-advisory x_refsource_debian

http://www.debian.org/security/2004/dsa-423

Mailing List mailing-list x_refsource_bugtraq

http://marc.info/?l=bugtraq&m=107064830206816&w=2

Vendor Advisory vendor-advisory x_refsource_suse

http://www.novell.com/linux/security/advisories/2003_049_kernel.html

Third Party Advisory vendor-advisory x_refsource_debian

http://www.debian.org/security/2004/dsa-450

Third Party Advisory vendor-advisory x_refsource_debian

http://www.debian.org/security/2004/dsa-440

Mailing List mailing-list x_refsource_bugtraq

http://marc.info/?l=bugtraq&m=107394143105081&w=2

Vendor Advisory vendor-advisory x_refsource_conectiva

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000796

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/10328

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/10329

Third Party Advisory vendor-advisory x_refsource_debian

http://www.debian.org/security/2004/dsa-439

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/10338

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/10333

Mailing List mailing-list x_refsource_bugtraq

http://marc.info/?l=bugtraq&m=107064798706473&w=2

Third Party Advisory vendor-advisory x_refsource_debian

http://www.debian.org/security/2004/dsa-417

Patch, Vendor Advisory vendor-advisory x_refsource_debian

http://www.debian.org/security/2003/dsa-403

Various Sources x_refsource_misc

http://isec.pl/papers/linux_kernel_do_brk.pdf

Third Party Advisory vendor-advisory x_refsource_debian

http://www.debian.org/security/2004/dsa-442

Scores

EPSS 0.0130

EPSS Percentile 80.2%

Details

VulnCheck KEV 2003-12-19

Status published

Products (1)

linux/linux_kernel < 2.4.22

Published Dec 15, 2003

Tracked Since Feb 18, 2026