CVE-2015-7556

HIGH

DeleGate 9.9.13 - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-7556. PoCs published by Larry W. Cashdollar.

AI-analyzed exploit summary This exploit leverages a local privilege escalation vulnerability in DeleGate v9.9.13 by abusing the setuid binary dgcpnod to create a file in /etc/cron.hourly, allowing arbitrary command execution as root.

Description

DeleGate 9.9.13 allows local users to gain privileges as demonstrated by the dgcpnod setuid program.

Exploits (1)

exploitdb WORKING POC

by Larry W. Cashdollar · textlocallinux

https://www.exploit-db.com/exploits/39134

View Code ZIP pw:eip

This exploit leverages a local privilege escalation vulnerability in DeleGate v9.9.13 by abusing the setuid binary dgcpnod to create a file in /etc/cron.hourly, allowing arbitrary command execution as root.

Classification

Working Poc 100%

Attack Type

Lpe

Complexity

Trivial

Reliability

Reliable

Target: DeleGate v9.9.13

No auth needed

Prerequisites: Local access to a system with DeleGate v9.9.13 installed and setuid binaries configured

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1053 - Scheduled Task/Job

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Exploit, Third Party Advisory x_refsource_misc

http://www.vapidlabs.com/advisory.php?v=159

Exploit, Mailing List, Third Party Advisory x_refsource_misc

http://seclists.org/fulldisclosure/2015/Dec/123

Scores

CVSS v3 7.8

EPSS 0.0129

EPSS Percentile 66.5%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-269

Status published

Products (1)

delegate/delegate 9.9.13

Published Jan 15, 2020

Tracked Since Feb 18, 2026