CVE-2003-0034

mtink - Buffer Overflow via HOME Environment Variable

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2003-0034. PoCs published by Karol Wiesek.

AI-analyzed exploit summary The provided text describes a local buffer overflow vulnerability in mtink due to insufficient bounds checking of the HOME environment variable. Exploitation could lead to arbitrary code execution with elevated privileges if mtink is installed setgid 'sys'.

Description

Buffer overflow in the mtink status monitor, as included in the printer-drivers package in Mandrake Linux, allows local users to execute arbitrary code via a long HOME environment variable.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Karol Wiesek · textlocallinux

https://www.exploit-db.com/exploits/22189

View Code ZIP pw:eip

The provided text describes a local buffer overflow vulnerability in mtink due to insufficient bounds checking of the HOME environment variable. Exploitation could lead to arbitrary code execution with elevated privileges if mtink is installed setgid 'sys'.

Classification

Writeup 90%

Attack Type

Lpe

Complexity

Moderate

Reliability

Theoretical

Target: mtink (version not specified)

No auth needed

Prerequisites: mtink installed with elevated privileges (e.g., setgid 'sys') · local access to the target system

MITRE ATT&CK