CVE-2005-1019

Aeon 0.2a - Buffer Overflow via HOME Environment Variable

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2005-1019. PoCs published by patr0n, lammat.

AI-analyzed exploit summary This exploit targets a buffer overflow vulnerability in aeon-0.2a by overflowing the HOME environment variable. It uses a standard shellcode to spawn a shell, with a NOP sled and a calculated return address to achieve remote code execution.

Description

Buffer overflow in the getConfig function in Aeon 0.2a and earlier allows local users to gain privileges via a long HOME environment variable.

Exploits (2)

exploitdb WORKING POC VERIFIED

by patr0n · clocallinux

https://www.exploit-db.com/exploits/914

View Code ZIP pw:eip

This exploit targets a buffer overflow vulnerability in aeon-0.2a by overflowing the HOME environment variable. It uses a standard shellcode to spawn a shell, with a NOP sled and a calculated return address to achieve remote code execution.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: aeon-0.2a

No auth needed

Prerequisites: Local access to the target system · aeon-0.2a installed in the specified path

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC VERIFIED

by lammat · perllocallinux

https://www.exploit-db.com/exploits/913

View Code ZIP pw:eip

This exploit targets a buffer overflow vulnerability in Aeon-mail relay agent for Linux (aeon-0.2a). It uses a 29-byte execve(/bin/sh) shellcode to achieve remote code execution by overflowing the buffer via the HOME environment variable.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Aeon-mail relay agent for Linux version 0.2a

No auth needed

Prerequisites: Aeon-mail relay agent for Linux version 0.2a installed · Perl interpreter

MITRE ATT&CK

T1059 - Command and Scripting Interpreter T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Exploit x_refsource_misc

http://security-tmp.h14.ru/exploits/23laeon.c.txt

Mailing List mailing-list x_refsource_bugtraq

http://marc.info/?l=bugtraq&m=111262942708249&w=2

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/19951

Scores

EPSS 0.0111

EPSS Percentile 61.5%

Details

Status published

Products (4)

aeon/aeon 0.1.8

aeon/aeon 0.1.9

aeon/aeon 0.2

aeon/aeon 0.2a

Published May 02, 2005

Tracked Since Feb 18, 2026