CVE-2006-0177

Cray UNICOS 9.0.2.2 - Local Privilege Escalation via Long Command Line Argument or File Line

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2006-0177. PoCs published by Micheal Turner.

AI-analyzed exploit summary This exploit demonstrates a local buffer overflow in Cray UNICOS's `/usr/bin/script` utility due to insufficient bounds checking of command-line parameters. The PoC uses a Perl one-liner to generate a long string of 'A's, which triggers the overflow and can lead to arbitrary code execution with superuser privileges.

Description

Multiple buffer overflows in Cray UNICOS 9.0.2.2 might allow local users to gain privileges by (1) invoking /usr/bin/script with a long command line argument or (2) setting the -c option of /etc/nu to the name of a file containing a long line.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Micheal Turner · textlocallinux
https://www.exploit-db.com/exploits/27065

This exploit demonstrates a local buffer overflow in Cray UNICOS's `/usr/bin/script` utility due to insufficient bounds checking of command-line parameters. The PoC uses a Perl one-liner to generate a long string of 'A's, which triggers the overflow and can lead to arbitrary code execution with superuser privileges.

Classification
Working Poc 90%
Attack Type
Lpe
Complexity
Trivial
Reliability
Reliable
Target: Cray UNICOS 9.0.2.2
No auth needed
Prerequisites: Local access to the target system · Presence of vulnerable `/usr/bin/script` utility
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Micheal Turner · textlocallinux
https://www.exploit-db.com/exploits/27066

This exploit leverages a buffer overflow in Cray UNICOS utilities with setuid-superuser privileges by injecting a large payload into a script file executed by '/etc/nu'. The overflow occurs due to insufficient bounds checking of command line parameters.

Classification
Working Poc 90%
Attack Type
Lpe
Complexity
Trivial
Reliability
Reliable
Target: Cray UNICOS 9.0.2.2
No auth needed
Prerequisites: Local access to the target system · Presence of vulnerable setuid utilities
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/24276
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/16205

Scores

EPSS 0.0104
EPSS Percentile 59.6%

Details

Status published
Products (1)
cray/unicos 9.0.2.2
Published Jan 11, 2006
Tracked Since Feb 18, 2026