CVE-2011-1496

tmux 1.3 and 1.4 - Privilege Escalation via -S Command-Line Option

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2011-1496. PoCs published by ph0x90bic.

AI-analyzed exploit summary This exploit leverages a privilege escalation vulnerability in tmux versions 1.3/1.4, where the '-S' option incorrectly sets the effective group ID to 'utmp'. This allows local users to execute commands with utmp group privileges, enabling log file manipulation.

Description

tmux 1.3 and 1.4 does not properly drop group privileges, which allows local users to gain utmp group privileges via a filename to the -S command-line option.

Exploits (1)

exploitdb WORKING POC
by ph0x90bic · textlocallinux
https://www.exploit-db.com/exploits/17147

This exploit leverages a privilege escalation vulnerability in tmux versions 1.3/1.4, where the '-S' option incorrectly sets the effective group ID to 'utmp'. This allows local users to execute commands with utmp group privileges, enabling log file manipulation.

Classification
Working Poc 90%
Attack Type
Lpe
Complexity
Trivial
Reliability
Reliable
Target: tmux 1.3/1.4
No auth needed
Prerequisites: Local access to a system with vulnerable tmux installed
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (12)

Core 12
Core References
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2011/1015
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/44081
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/44239
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/17147
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058452.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/47283
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2011/dsa-2212
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0897
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2011/1002
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058548.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058367.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/66693

Scores

EPSS 0.0095
EPSS Percentile 57.2%

Details

CWE
CWE-264
Status published
Products (2)
nicholas_marriott/tmux 1.3
nicholas_marriott/tmux 1.4
Published Apr 18, 2011
Tracked Since Feb 18, 2026