CVE-2009-0036

libvirt_proxy 0.5.1 - Buffer Overflow

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-0036. PoCs published by Jon Oberheide.

AI-analyzed exploit summary This exploit targets a buffer overflow in libvirt_proxy <= 0.5.1 (CVE-2009-0036) by sending a malformed packet header followed by a NOP sled and shellcode to achieve local privilege escalation. It leverages uninitialized memory in the validation check to overwrite EIP and execute arbitrary code as root.

Description

Buffer overflow in the proxyReadClientSocket function in proxy/libvirt_proxy.c in libvirt_proxy 0.5.1 might allow local users to gain privileges by sending a portion of the header of a virProxyPacket packet, and then sending the remainder of the packet with crafted values in the header, related to use of uninitialized memory in a validation check.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Jon Oberheide · clocallinux

https://www.exploit-db.com/exploits/8534

View Code ZIP pw:eip

This exploit targets a buffer overflow in libvirt_proxy <= 0.5.1 (CVE-2009-0036) by sending a malformed packet header followed by a NOP sled and shellcode to achieve local privilege escalation. It leverages uninitialized memory in the validation check to overwrite EIP and execute arbitrary code as root.

Classification

Working Poc 100%

Attack Type

Lpe

Complexity

Moderate

Reliability

Racy

Target: libvirt_proxy <= 0.5.1

No auth needed

Prerequisites: Local access to the target system · libvirt_proxy setuid binary present · Ability to connect to the Unix socket at /tmp/livirt_proxy_conn

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →