CVE-2009-0343

Niels Provos Systrace <1.6f - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-0343. PoCs published by Chris Evans.

AI-analyzed exploit summary This exploit leverages a local privilege escalation vulnerability in Systrace by making a syscall that bypasses access control restrictions. The code uses inline assembly to invoke syscall 1 (exit on i386, write on x86_64), exploiting a flaw in Systrace's policy enforcement.

Description

Niels Provos Systrace 1.6f and earlier on the x86_64 Linux platform allows local users to bypass intended access restrictions by making a 32-bit syscall with a syscall number that corresponds to a policy-compliant 64-bit syscall, related to race conditions that occur in monitoring 64-bit processes.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Chris Evans · clocallinux_x86-64

https://www.exploit-db.com/exploits/32751

View Code ZIP pw:eip

This exploit leverages a local privilege escalation vulnerability in Systrace by making a syscall that bypasses access control restrictions. The code uses inline assembly to invoke syscall 1 (exit on i386, write on x86_64), exploiting a flaw in Systrace's policy enforcement.

Classification

Working Poc 90%

Attack Type

Lpe

Complexity

Trivial

Reliability

Reliable

Target: Systrace versions prior to 1.6f

No auth needed

Prerequisites: Local access to the target system · Systrace installed and running with vulnerable version

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5

Core References

Various Sources x_refsource_misc

http://www.citi.umich.edu/u/provos/systrace/

Exploit x_refsource_misc

http://scary.beasts.org/security/CESA-2009-001.html

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/33417

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/500377/100/0/threaded

Various Sources x_refsource_misc

http://scarybeastsecurity.blogspot.com/2009/01/bypassing-syscall-filtering.html

Scores

EPSS 0.0082

EPSS Percentile 52.2%

Details

CWE

CWE-264

Status published

Products (11)

niels_provos/systrace 1.1

niels_provos/systrace 1.2

niels_provos/systrace 1.3

niels_provos/systrace 1.4

niels_provos/systrace 1.5

niels_provos/systrace 1.6

niels_provos/systrace 1.6a

niels_provos/systrace 1.6b

niels_provos/systrace 1.6c

niels_provos/systrace 1.6d

... and 1 more

Published Jan 29, 2009

Tracked Since Feb 18, 2026