CVE-2002-1414
qmailadmin - Local Privilege Escalation via QMAILADMIN_TEMPLATEDIR Environment Variable
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2002-1414. PoCs published by Thomas Cannon.
AI-analyzed exploit summary This exploit targets a buffer overflow vulnerability in qmailadmin (CVE-2002-1414) by manipulating the QMAILADMIN_TEMPLATEDIR environment variable. It uses shellcode to spawn a shell with elevated privileges (euid=vpopmail).
Description
Buffer overflow in qmailadmin allows local users to gain privileges via a long QMAILADMIN_TEMPLATEDIR environment variable.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Thomas Cannon · clocallinux
https://www.exploit-db.com/exploits/21683
This exploit targets a buffer overflow vulnerability in qmailadmin (CVE-2002-1414) by manipulating the QMAILADMIN_TEMPLATEDIR environment variable. It uses shellcode to spawn a shell with elevated privileges (euid=vpopmail).
Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target:
qmailadmin (Inter7)
No auth needed
Prerequisites:
Local access to the system · qmailadmin installed with setuid permissions
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026
Full analysis →
References (5)
Core 5
Core References
Third Party Advisory vdb-entry
x_refsource_xf
http://www.iss.net/security_center/static/9786.php
Exploit mailing-list
x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2002-08/0016.html
Mailing List mailing-list
x_refsource_vuln-dev
http://marc.info/?l=vuln-dev&m=102859603029424&w=2
Exploit, Patch, Vendor Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/5404
Various Sources x_refsource_confirm
http://www.inter7.com/qmailadmin/ChangeLog
Scores
EPSS
0.0086
EPSS Percentile
53.8%
Details
Status
published
Products (6)
inter7/qmailadmin
1.0
inter7/qmailadmin
1.0.1
inter7/qmailadmin
1.0.2
inter7/qmailadmin
1.0.3
inter7/qmailadmin
1.0.4
inter7/qmailadmin
1.0.5
Published
Apr 11, 2003
Tracked Since
Feb 18, 2026