CVE-2004-0393
rlpr 2.0.4 - Remote Code Execution via Format String in msg Function
Title source: llmExploitation Summary
EIP tracks 2 public exploits for CVE-2004-0393. PoCs published by jaguar, [email protected].
AI-analyzed exploit summary This exploit targets CVE-2004-0393, a format string vulnerability in the rlpr utility. It uses a two-stage shellcode approach to achieve remote code execution by overwriting memory addresses and spawning a shell.
Description
Format string vulnerability in the msg function for rlpr daemon (rlprd) 2.0.4 allows remote attackers to execute arbitrary code via format string specifiers in a buffer that can not be resolved, which is provided to the syslog function.
Exploits (2)
This exploit targets CVE-2004-0393, a format string vulnerability in the rlpr utility. It uses a two-stage shellcode approach to achieve remote code execution by overwriting memory addresses and spawning a shell.
This exploit targets a format string vulnerability in rlpr versions 2.04 and prior, allowing remote code execution via crafted input to the 'msg()' function. It includes shellcode for Linux to spawn a shell and supports bruteforce targeting for memory addresses.