CVE-2003-1140

Musicqueue 1.2.0 - Buffer Overflow via Long Language Variable in Configuration File

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2003-1140. PoCs published by dong-h0un U.

AI-analyzed exploit summary This exploit targets a buffer overflow vulnerability in Musicqueue CGI (CVE-2003-1140) by crafting a malicious 'musicqueue.conf' file and executing the CGI with a manipulated environment. The shellcode spawns a root shell by exploiting insufficient bounds checking in sprintf() calls.

Description

Buffer overflow in Musicqueue 1.2.0 allows local users to execute arbitrary code via a long language variable in the configuration file.

Exploits (1)

exploitdb WORKING POC VERIFIED

by dong-h0un U · clocallinux

https://www.exploit-db.com/exploits/23303

View Code ZIP pw:eip

This exploit targets a buffer overflow vulnerability in Musicqueue CGI (CVE-2003-1140) by crafting a malicious 'musicqueue.conf' file and executing the CGI with a manipulated environment. The shellcode spawns a root shell by exploiting insufficient bounds checking in sprintf() calls.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: Musicqueue 0.9 to 1.1.1

No auth needed

Prerequisites: Local access to the system · Musicqueue CGI installed (potentially suid/sgid)

MITRE ATT&CK