CVE-2002-0468

Ecartis - Buffer Overflow

Title source: rule

Description

Buffer overflows in Ecartis (formerly Listar) 1.0.0 in snapshot 20020427 and earlier allow local users to gain privileges via (1) a long command line argument, which is not properly handled in core.c, or possibly via bad uses of sprintf() in (2) moderate.c, (3) lcgi.c, (4) fileapi.c, (5) cookie.c, (6) codes.c, or other files.

Exploits (2)

exploitdb WORKING POC VERIFIED

by the itch · clocallinux

https://www.exploit-db.com/exploits/21342

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by the itch · clocallinux

https://www.exploit-db.com/exploits/21341

View Code ZIP pw:eip

References (8)

[Vendor Advisory] http://online.securityfocus.com/archive/82/258763

[Third Party Advisory] http://www.iss.net/security_center/static/8445.php

[Vendor Advisory] http://online.securityfocus.com/archive/1/269879

[Various Sources] http://www.ecartis.org/

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/4271

[Vendor Advisory] http://online.securityfocus.com/archive/1/269658

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/261209

[Mailing List] http://marc.info/?l=listar-support&m=101590272221720&w=2

Scores

EPSS 0.0066

EPSS Percentile 71.2%

Details

Status published

Products (5)

ecartis/ecartis 1.0.0_snapshot_2002-01-21

ecartis/ecartis 1.0.0_snapshot_2002-01-25

listar/listar 0.126a

listar/listar 0.127a

listar/listar 0.129a

Published Aug 12, 2002

Tracked Since Feb 18, 2026