CVE-2004-1915

LCDproc 0.4.x-0.4.4 - Remote Code Execution via parse_all_client_messages Buffer Overflow

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2004-1915. PoCs published by wsxz.

AI-analyzed exploit summary This exploit targets multiple vulnerabilities in LCDproc Server (LCDd) 0.4.1 and lower, including buffer overflows and format string vulnerabilities, to achieve remote code execution. It includes shellcode for Linux and FreeBSD to spawn a reverse shell.

Description

Buffer overflow in the parse_all_client_messages function in LCDproc 0.4.x up to 0.4.4 allows remote attackers to execute arbitrary code via a large number of arguments.

Exploits (1)

exploitdb WORKING POC VERIFIED

by wsxz · perlremotelinux

https://www.exploit-db.com/exploits/23936

View Code ZIP pw:eip

This exploit targets multiple vulnerabilities in LCDproc Server (LCDd) 0.4.1 and lower, including buffer overflows and format string vulnerabilities, to achieve remote code execution. It includes shellcode for Linux and FreeBSD to spawn a reverse shell.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: LCDproc Server (LCDd) 0.4.1 and lower

No auth needed

Prerequisites: Network access to the target server · LCDproc Server (LCDd) version 0.4.1 or lower

MITRE ATT&CK