CVE-2003-0408

Uptime Client <5.0b7 - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2003-0408. PoCs published by Gino Thomas.

AI-analyzed exploit summary This exploit targets a buffer overflow vulnerability in UpClient 5.0b7 on FreeBSD by passing an excessively long command-line argument. It uses a NOP sled and shellcode to spawn a shell with elevated privileges (typically setuid kmem).

Description

Buffer overflow in Uptime Client (UpClient) 5.0b7, and possibly other versions, allows local users to gain privileges via a long -p argument.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Gino Thomas · clocalfreebsd

https://www.exploit-db.com/exploits/22661

View Code ZIP pw:eip

This exploit targets a buffer overflow vulnerability in UpClient 5.0b7 on FreeBSD by passing an excessively long command-line argument. It uses a NOP sled and shellcode to spawn a shell with elevated privileges (typically setuid kmem).

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: UpClient 5.0b7

No auth needed

Prerequisites: Local access to the target system · UpClient 5.0b7 installed · FreeBSD 4.8 environment

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Patch, Vendor Advisory vdb-entry x_refsource_xf

http://www.iss.net/security_center/static/12131.php

Exploit, Patch, Vendor Advisory vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/7703

Mailing List mailing-list x_refsource_bugtraq

http://marc.info/?l=bugtraq&m=105405629622652&w=2

Scores

EPSS 0.0109

EPSS Percentile 61.0%

Details

Status published

Products (1)

the_uptimes_project/upclient 5.0b7

Published Jun 30, 2003

Tracked Since Feb 18, 2026