CVE-2003-0487

Kerio MailServer 5.6.3 - Buffer Overflow

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 5 public exploits for CVE-2003-0487. PoCs published by B-r00t, David F.Madrid.

AI-analyzed exploit summary This exploit targets a buffer overflow vulnerability in Kerio MailServer 5.6.3 via a crafted HTTP request with a malicious 'folder' parameter. It appends a root user to /etc/passwd, allowing privilege escalation to UID 0.

Description

Multiple buffer overflows in Kerio MailServer 5.6.3 allow remote authenticated users to cause a denial of service and possibly execute arbitrary code via (1) a long showuser parameter in the do_subscribe module, (2) a long folder parameter in the add_acl module, (3) a long folder parameter in the list module, and (4) a long user parameter in the do_map module.

Exploits (5)

exploitdb WORKING POC VERIFIED
by B-r00t · cremotelinux
https://www.exploit-db.com/exploits/46

This exploit targets a buffer overflow vulnerability in Kerio MailServer 5.6.3 via a crafted HTTP request with a malicious 'folder' parameter. It appends a root user to /etc/passwd, allowing privilege escalation to UID 0.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Kerio MailServer 5.6.3
Auth required
Prerequisites: Valid user credentials · User ID cookie from Kerio webmail · Network access to the target
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by David F.Madrid · textdoslinux
https://www.exploit-db.com/exploits/22800

This exploit demonstrates a buffer overflow vulnerability in Kerio MailServer's webmail component by sending an excessively long username via the 'showuser' parameter. The lack of bounds checking may allow arbitrary code execution with the privileges of the Kerio MailServer process.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Theoretical
Target: Kerio MailServer (version not specified)
No auth needed
Prerequisites: Network access to the Kerio MailServer webmail interface
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by David F.Madrid · textdoslinux
https://www.exploit-db.com/exploits/22802

This exploit targets a buffer overflow vulnerability in Kerio MailServer's webmail component by sending an excessively long username in the 'folder' parameter. Successful exploitation could lead to arbitrary code execution with the privileges of the Kerio MailServer process.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Theoretical
Target: Kerio MailServer (version not specified)
No auth needed
Prerequisites: Access to the Kerio MailServer webmail interface
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by David F.Madrid · textdoslinux
https://www.exploit-db.com/exploits/22803

This exploit demonstrates a buffer overflow vulnerability in Kerio MailServer's webmail component by sending an excessively long 'user' parameter in a URL request. The lack of bounds checking may allow arbitrary code execution with the privileges of the MailServer process.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Theoretical
Target: Kerio MailServer (version not specified)
No auth needed
Prerequisites: Network access to the Kerio MailServer webmail interface
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by David F.Madrid · textdoslinux
https://www.exploit-db.com/exploits/22801

This exploit demonstrates a buffer overflow vulnerability in Kerio MailServer's webmail component by sending an excessively long username in the 'folder' parameter. The lack of bounds checking may allow arbitrary code execution with the privileges of the Kerio MailServer process.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Theoretical
Target: Kerio MailServer (version not specified)
No auth needed
Prerequisites: Network access to the Kerio MailServer webmail interface
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Exploit, Patch, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/7967
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/12368
Exploit, Vendor Advisory x_refsource_misc
http://nautopia.org/vulnerabilidades/kerio_mailserver.htm
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=105596982503760&w=2

Scores

EPSS 0.1137
EPSS Percentile 95.4%

Details

Status published
Products (1)
kerio/kerio_mailserver 5.6.3
Published Aug 07, 2003
Tracked Since Feb 18, 2026