CVE-2005-1396

Exploitation Summary

EIP tracks 2 public exploits for CVE-2005-1396. PoCs published by Kevin Finisterre.

AI-analyzed exploit summary This exploit targets a setuid vulnerability in the ARPUS/ce utility (CVE-2005-1396) by overflowing the XAPPLRESLANGPATH environment variable with shellcode to achieve local privilege escalation. The shellcode spawns a root shell by leveraging a buffer overflow and return address overwrite.

Description

Race condition in Ce/Ceterm (aka ARPUS/Ce) 2.5.4 and earlier allows local users to write to arbitrary files via a symlink attack on the ce_edit_log temporary file.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Kevin Finisterre · perllocallinux

https://www.exploit-db.com/exploits/974

View Code ZIP pw:eip

This exploit targets a setuid vulnerability in the ARPUS/ce utility (CVE-2005-1396) by overflowing the XAPPLRESLANGPATH environment variable with shellcode to achieve local privilege escalation. The shellcode spawns a root shell by leveraging a buffer overflow and return address overwrite.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: ARPUS/ce (version unspecified)

No auth needed

Prerequisites: Local access to the vulnerable system · Presence of the setuid ARPUS/ce binary

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC VERIFIED

by Kevin Finisterre · clocallinux

https://www.exploit-db.com/exploits/973