CVE-2004-1388

BerliOS GPD daemon 1.9.0-2.7 - Remote Code Execution via Format String in GPS Request

Title source: llm

Exploitation Summary

EIP tracks 5 public exploits for CVE-2004-1388. PoCs published by Metasploit, Enseirb, Yann Senotier, including Metasploit module exploits/linux/http/gpsd_format_string.

AI-analyzed exploit summary This is a Metasploit module exploiting a format string vulnerability in Berlios GPSD server (CVE-2004-1388). It crafts a malicious payload to overwrite memory addresses, leading to remote code execution.

Description

Format string vulnerability in the gpsd_report function for BerliOS GPD daemon (gpsd, formerly pygps) 1.9.0 through 2.7 allows remote attackers to execute arbitrary code via certain GPS requests containing format string specifiers that are not properly handled in syslog calls.

Exploits (5)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotelinux

https://www.exploit-db.com/exploits/16853

View Code ZIP pw:eip

This is a Metasploit module exploiting a format string vulnerability in Berlios GPSD server (CVE-2004-1388). It crafts a malicious payload to overwrite memory addresses, leading to remote code execution.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Berlios GPSD server versions 1.91-2.7

No auth needed

Prerequisites: Network access to the target GPSD server on port 2947

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC VERIFIED

by Enseirb · remotelinux

https://www.exploit-db.com/exploits/3099

View Code ZIP pw:eip

This exploit targets a format string vulnerability in Berlios GPSD server (CVE-2004-1388). It crafts a malicious payload to overwrite memory addresses, leading to remote code execution on vulnerable Linux systems.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Berlios GPSD server versions 1.91-2.7

No auth needed

Prerequisites: Network access to the target GPSD server · Vulnerable version of GPSD running on Linux x86

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC VERIFIED

by Yann Senotier · rubyremotelinux

https://www.exploit-db.com/exploits/10029

View Code ZIP pw:eip

This exploit targets a format string vulnerability in Berlios GPSD server (CVE-2004-1388) to achieve remote code execution. It leverages a crafted payload with format string specifiers to overwrite memory addresses and execute arbitrary code.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Berlios GPSD server versions 1.91-2.7

No auth needed

Prerequisites: Network access to the target GPSD server on port 2947

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC VERIFIED

by JohnH · cremotelinux

https://www.exploit-db.com/exploits/775

View Code ZIP pw:eip

This exploit targets a format string vulnerability in gpsd versions 1.91 to 2.7, allowing remote code execution via a crafted payload. It includes shellcode and brute-force addresses for various Linux distributions.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: gpsd (versions 1.91-2.7)

No auth needed

Prerequisites: Network access to the target's GPSD port (2947) · Vulnerable gpsd version

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

metasploit WORKING POC NORMAL

rubypoclinux

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/gpsd_format_string.rb

View Code ZIP pw:eip

This Metasploit module exploits a format string vulnerability in Berlios GPSD server (CVE-2004-1388) to achieve remote code execution. It uses a crafted payload with format string specifiers to overwrite memory addresses and execute arbitrary code.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Berlios GPSD server versions 1.91-2.7

No auth needed

Prerequisites: Network access to the target GPSD server on port 2947

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5

Core References

Patch mailing-list x_refsource_mlist

http://lists.berlios.de/pipermail/gpsd-announce/2005-January/000018.html

Exploit x_refsource_misc

http://www.digitalmunition.com/DMA%5B2005-0125a%5D.txt

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/19079

Mailing List mailing-list x_refsource_bugtraq

http://marc.info/?l=bugtraq&m=110677341711505&w=2

Mailing List x_refsource_confirm

http://www.mail-archive.com/debian-bugs-closed%40lists.debian.org/msg02103.html

Scores

EPSS 0.6819

EPSS Percentile 99.2%

Details

Status published

Products (17)

berlios/gps_daemon 1.9.0

berlios/gps_daemon 1.25

berlios/gps_daemon 1.26

berlios/gps_daemon 1.91

berlios/gps_daemon 1.92

berlios/gps_daemon 1.93

berlios/gps_daemon 1.94

berlios/gps_daemon 1.95

berlios/gps_daemon 1.96

berlios/gps_daemon 1.97

... and 7 more

Published Dec 31, 2004

Tracked Since Feb 18, 2026