CVE-2003-0325
Published 2003-06-09
CVE-2003-0325: Buffer overflow in Maelstrom 3.0.6, 3.0.5, and earlier allows local users to execute arbitrary code via a long -server command line argument.
Priority: P4, 17, medium, 4.6 (CVSS 2.0)
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 1.05% (60.1th percentile)
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ambrosia_software | maelstrom | <= 3.0.5 | — |
| ambrosia_software | maelstrom | — | — |
| debian | maelstrom | — | — |
CVSS provenance
nvd: v2.0, 4.6 MEDIUM, AV:L/AC:L/Au:N/C:P/I:P/A:P
vendor_debian: 4.6 LOW
Debian
CVE-2003-0325: maelstrom - Buffer overflow in Maelstrom 3.0.6, 3.0.5, and earlier allows local users to exe...
vendor_debian·2003·CVSS 4.6
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
GHSA
GHSA-x5mp-frp8-x862: Buffer overflow in Maelstrom 3
ghsa_unreviewed·2022-04-29
No detection rules found.
Exploit-DB
Maelstrom Server 3.0.x - Argument Buffer Overflow (2)
exploitdb·2003-05-23
---
// source: https://www.securityfocus.com/bid/7630/info
Maelstrom for Linux has been reported prone to a buffer overflow vulnerability.
The issue is reportedly due to a lack of sufficient bounds checking performed on user-supplied data before it is copied into an internal memory space. It may be possible for a local attacker to exploit this condition and have malicious arbitrary code executed in the context of the Maelstrom application, which is typically setGID games.
/* /usr/bin/Maelstrom local exploit
*** Sorry for my poor english.
*** Others exploit can't exploit my Maelstrom,So I
wrote this exploit just for fun.
*** I can't get a rootshell on my linux ,because it's
not SUID.
*** If it SUID ,this exploit can make you get a rootshell.
Exploit-DB
Maelstrom Server 3.0.x - Argument Buffer Overflow (3)
exploitdb·2003-05-20
---
// source: https://www.securityfocus.com/bid/7630/info
/*
* Maelstrom exploit By CMN
*
* Tested on
*
* Maelstrom v1.4.3 (GPL version 3.0.6)
* from Maelstrom-3.0.6-1.i386.rpm
*
* Maelstrom v1.4.3 (Linux version 3.0.3)
* from Gentoo port
*
*/
#include
#include
#include
#include
#define TARGET "/usr/bin/Maelstrom"
#define BUFSI
Exploit-DB
Maelstrom Server 3.0.x - Argument Buffer Overflow (1)
exploitdb·2003-05-20
---
source: https://www.securityfocus.com/bid/7630/info
#!/usr/bin/perl
# kokanin/DSR, gid games crap for /usr/ports/games/maelstrom -server bug found by
# Luca Ercoli. This (ret/offset/shellcode) is made for FreeBSD 4.8-RELEASE.
# maelstrom-3.0.5 Asteroids-style game for X Window System
# shellcode by eSDee, he's cool. AV crap +
No writeups or analysis indexed.
Published: 2003-06-09