CVE-2005-1125

Libsafe <2.0.16 - Privilege Escalation

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2005-1125. PoCs published by Overflow.pl, tagatac.

AI-analyzed exploit summary This exploit demonstrates a race condition in Libsafe 2.0-16 that allows bypassing its security mechanisms in multi-threaded applications. It uses two threads to trigger buffer overflows, exploiting the race condition to evade Libsafe's protection.

Description

Race condition in libsafe 2.0.16 and earlier, when running in multi-threaded applications, allows attackers to bypass libsafe protection and exploit other vulnerabilities before the _libsafe_die function call is completed.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Overflow.pl · cdoslinux
https://www.exploit-db.com/exploits/25429

This exploit demonstrates a race condition in Libsafe 2.0-16 that allows bypassing its security mechanisms in multi-threaded applications. It uses two threads to trigger buffer overflows, exploiting the race condition to evade Libsafe's protection.

Classification
Working Poc 90%
Attack Type
Other
Complexity
Moderate
Reliability
Racy
Target: Libsafe 2.0-16
No auth needed
Prerequisites: Multi-threaded application with a memory corruption vulnerability · Libsafe 2.0-16 installed
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC 3 stars
by tagatac · poc
https://github.com/tagatac/libsafe-CVE-2005-1125

This repository contains a functional proof-of-concept exploit for CVE-2005-1125, targeting a vulnerability in Libsafe 2.0-16. The exploit demonstrates a bypass mechanism by interposing library functions and introducing delays to evade Libsafe's protection against buffer overflows.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Libsafe 2.0-16
No auth needed
Prerequisites: 32-bit architecture · Libsafe 2.0-16 installed
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit, Vendor Advisory mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/395999
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/13190
Exploit, Vendor Advisory x_refsource_misc
http://www.overflow.pl/adv/libsafebypass.txt

Scores

EPSS 0.0674
EPSS Percentile 93.1%

Details

Status published
Products (16)
avaya/libsafe 2.0.1
avaya/libsafe 2.0.2
avaya/libsafe 2.0.3
avaya/libsafe 2.0.4
avaya/libsafe 2.0.5
avaya/libsafe 2.0.6
avaya/libsafe 2.0.7
avaya/libsafe 2.0.8
avaya/libsafe 2.0.9
avaya/libsafe 2.0.10
... and 6 more
Published May 02, 2005
Tracked Since Feb 18, 2026