CVE-2002-0468
Ecartis 1.0.0 - Buffer Overflow via Long Command Line Argument
Exploitation Summary
EIP tracks 2 public exploits for CVE-2002-0468. PoCs published by the itch.
Description
Buffer overflows in Ecartis (formerly Listar) 1.0.0 in snapshot 20020427 and earlier allow local users to gain privileges via (1) a long command line argument, which is not properly handled in core.c, or possibly via bad uses of sprintf() in (2) moderate.c, (3) lcgi.c, (4) fileapi.c, (5) cookie.c, (6) codes.c, or other files.
Exploits (2)
This exploit targets a local buffer overflow in Ecartis (formerly Listar) by overwriting the return address with a hardcoded stack address and executing shellcode to spawn a shell with setreuid(508). It relies on environment variables to pass the payload.
This exploit targets a local buffer overflow in Ecartis (formerly Listar) version 0.129a. It overwrites the return address to execute shellcode, granting arbitrary code execution as the 'listar' user.