CVE-2003-1358

HP-UX 10.0-11.22 - Privilege Escalation via PATH Environment Variable Manipulation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2003-1358. PoCs published by Last Stage of Delirium.

AI-analyzed exploit summary This exploit targets a vulnerability in the rs.F3000 binary on HP-UX 10.20, where unsafe usage of the system() function allows command injection. It creates a malicious script in /tmp/rm, manipulates the PATH environment variable, and executes the vulnerable binary to gain a root shell.

Description

rs.F300 for HP-UX 10.0 through 11.22 uses the PATH environment variable to find and execute programs such as rm while operating at raised privileges, which allows local users to gain privileges by modifying the path to point to a malicious rm program.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Last Stage of Delirium · bashlocalhp-ux

https://www.exploit-db.com/exploits/22248

View Code ZIP pw:eip

This exploit targets a vulnerability in the rs.F3000 binary on HP-UX 10.20, where unsafe usage of the system() function allows command injection. It creates a malicious script in /tmp/rm, manipulates the PATH environment variable, and executes the vulnerable binary to gain a root shell.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: rs.F3000 binary on HP-UX 10.20

No auth needed

Prerequisites: Access to execute /usr/lib/X11/Xserver/ucode/screens/hp/rs.F3000 · Write permissions to /tmp directory

MITRE ATT&CK

T1059 - Command and Scripting Interpreter T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5

Core References

Third Party Advisory, VDB Entry vendor-advisory x_refsource_hp

http://www.securityfocus.com/advisories/4960

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/324381

Third Party Advisory third-party-advisory x_refsource_sreason

http://securityreason.com/securityalert/3236

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/6837

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/11312

Scores

EPSS 0.0095

EPSS Percentile 56.7%

Details

CWE

CWE-264

Status published

Products (17)

hp/hp-ux 10.00

hp/hp-ux 10.01

hp/hp-ux 10.08

hp/hp-ux 10.09

hp/hp-ux 10.10

hp/hp-ux 10.16

hp/hp-ux 10.20

hp/hp-ux 10.24

hp/hp-ux 10.26

hp/hp-ux 10.30

... and 7 more

Published Dec 31, 2003

Tracked Since Feb 18, 2026