CVE-2003-1167

KPopup 0.9.1 - Privilege Escalation

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2003-1167. PoCs published by b0f.

AI-analyzed exploit summary This exploit leverages a PATH environment variable manipulation in kpopup to execute a malicious 'killall' script, which compiles and executes a setuid root shell. It is a local privilege escalation exploit targeting vulnerable versions of kpopup.

Description

misc.cpp in KPopup 0.9.1 trusts the PATH variable when executing killall, which allows local users to elevate their privileges by modifying the PATH variable to reference a malicious killall program.

Exploits (1)

exploitdb WORKING POC VERIFIED
by b0f · clocallinux
https://www.exploit-db.com/exploits/23308

This exploit leverages a PATH environment variable manipulation in kpopup to execute a malicious 'killall' script, which compiles and executes a setuid root shell. It is a local privilege escalation exploit targeting vulnerable versions of kpopup.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Trivial
Reliability
Reliable
Target: kpopup (KDE)
No auth needed
Prerequisites: Local access to the system · kpopup installed setuid root · GCC or equivalent compiler available
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Patch vdb-entry x_refsource_osvdb
http://www.osvdb.org/2742
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/13540
Exploit, Patch vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/8915
Exploit mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/342736
Patch third-party-advisory x_refsource_secunia
http://secunia.com/advisories/10105

Scores

EPSS 0.0100
EPSS Percentile 58.5%

Details

Status published
Products (2)
gernot_stocker/kpopup 0.9.1
gernot_stocker/kpopup 0.9.5_pre2
Published Dec 31, 2003
Tracked Since Feb 18, 2026