EIP-2026-102740

PRE-CVE

Slackware Linux - '/usr/bin/ppp-off' Insecure /tmp Call

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-102740. PoCs published by sinfony.

AI-analyzed exploit summary This exploit leverages a symlink vulnerability in SlackWare Linux's /usr/bin/ppp-off script, which writes the output of 'ps x' to /tmp/grep.tmp as root. An attacker can create a symlink from /tmp/grep.tmp to a sensitive file (e.g., /etc/passwd) to overwrite its contents with process information.

Description

Slackware Linux - '/usr/bin/ppp-off' Insecure /tmp Call

Exploits (1)

exploitdb WORKING POC VERIFIED

by sinfony · bashdoslinux

https://www.exploit-db.com/exploits/185

View Code ZIP pw:eip

This exploit leverages a symlink vulnerability in SlackWare Linux's /usr/bin/ppp-off script, which writes the output of 'ps x' to /tmp/grep.tmp as root. An attacker can create a symlink from /tmp/grep.tmp to a sensitive file (e.g., /etc/passwd) to overwrite its contents with process information.

Classification

Working Poc 90%

Attack Type

Lpe

Complexity

Trivial

Reliability

Reliable

Target: SlackWare Linux (ppp-off script)

No auth needed

Prerequisites: Access to a system with SlackWare Linux and the ppp-off script · Ability to create symlinks in /tmp

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026