Exploitation Summary
EIP tracks 1 public exploit for CVE-2000-0091. PoCs published by K2.
AI-analyzed exploit summary This exploit targets a buffer overflow vulnerability in vpopmail's vchkpw authentication mechanism, allowing remote code execution via a crafted username input. It includes platform-specific shellcode for Linux, Solaris, and FreeBSD.
Description
Buffer overflow in vchkpw/vpopmail POP authentication package allows remote attackers to gain root privileges via a long username or password.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by K2 · clocallinux
https://www.exploit-db.com/exploits/19727
This exploit targets a buffer overflow vulnerability in vpopmail's vchkpw authentication mechanism, allowing remote code execution via a crafted username input. It includes platform-specific shellcode for Linux, Solaris, and FreeBSD.
Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target:
vpopmail (vchkpw) versions 3.4.10a to 3.4.11e
No auth needed
Prerequisites:
Network access to the target's POP3 service (port 110) · Vulnerable version of vpopmail installed
devstral-2 · analyzed Feb 16, 2026
Full analysis →
References (3)
Core 3
Core References
Various Sources x_refsource_misc
http://www.inter7.com/vpopmail/ChangeLog
Various Sources x_refsource_misc
http://www.inter7.com/vpopmail/
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/942
Scores
EPSS
0.1287
EPSS Percentile
95.8%
Details
Status
published
Products (10)
inter7/vpopmail
vchkpw_3.4.1
inter7/vpopmail
vchkpw_3.4.2
inter7/vpopmail
vchkpw_3.4.3
inter7/vpopmail
vchkpw_3.4.4
inter7/vpopmail
vchkpw_3.4.5
inter7/vpopmail
vchkpw_3.4.6
inter7/vpopmail
vchkpw_3.4.7
inter7/vpopmail
vchkpw_3.4.8
inter7/vpopmail
vchkpw_3.4.9
inter7/vpopmail
vchkpw_3.4.11
Published
Jan 21, 2000
Tracked Since
Feb 18, 2026