CVE-2003-1139

musicqueue 1.2.0 - Arbitrary File Overwrite via Symlink Attack on Crash File

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2003-1139. PoCs published by dong-h0un U.

AI-analyzed exploit summary This exploit leverages a symbolic link attack in Musicqueue's signal handling procedure to overwrite critical files, such as /etc/passwd, by creating a predictable filename in /tmp. It demonstrates local privilege escalation by adding a malicious user entry with root privileges.

Description

Musicqueue 1.2.0 allows local users to overwrite arbitrary files by triggering a segmentation fault and using a symlink attack on the resulting musicqueue.crash file.

Exploits (1)

exploitdb WORKING POC VERIFIED

by dong-h0un U · clocallinux

https://www.exploit-db.com/exploits/23297

View Code ZIP pw:eip

This exploit leverages a symbolic link attack in Musicqueue's signal handling procedure to overwrite critical files, such as /etc/passwd, by creating a predictable filename in /tmp. It demonstrates local privilege escalation by adding a malicious user entry with root privileges.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: musicqueue.cgi v1.2.0

No auth needed

Prerequisites: Local access to the system · musicqueue.cgi installed with suid root privileges

MITRE ATT&CK