CVE-2004-0524

Exploitation Summary

EIP tracks 2 public exploits for CVE-2004-0524. PoCs published by Bytes, x314.

AI-analyzed exploit summary This exploit targets a local buffer overflow in Squirrelmail's chpasswd utility (CVE-2004-0524) to achieve privilege escalation via a bruteforce return address attack. It uses a setuid(0) shellcode to spawn a root shell.

Description

Buffer overflow in the chpasswd command in the Change_passwd plugin before 4.0, as used in SquirrelMail, allows local users to gain root privileges via a long user name.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Bytes · clocallinux

https://www.exploit-db.com/exploits/417

View Code ZIP pw:eip

This exploit targets a local buffer overflow in Squirrelmail's chpasswd utility (CVE-2004-0524) to achieve privilege escalation via a bruteforce return address attack. It uses a setuid(0) shellcode to spawn a root shell.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Moderate

Reliability

Racy

Target: Squirrelmail chpasswd (version not specified)

Auth required

Prerequisites: Local access to the system · User must be in a webserver group (e.g., www, webmaster) · chpasswd binary must be present and vulnerable

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC VERIFIED

by x314 · clocallinux

https://www.exploit-db.com/exploits/273

View Code ZIP pw:eip

This exploit leverages a buffer overflow in SquirrelMail's chpasswd utility to execute arbitrary shellcode, granting local root access. The shellcode spawns a shell, and the exploit constructs a malicious environment to trigger the overflow.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: SquirrelMail chpasswd (version not specified, likely older versions)

No auth needed

Prerequisites: Local access to the system · Presence of vulnerable SquirrelMail chpasswd binary

MITRE ATT&CK