CVE-2005-2943

XMail - Stack-based Buffer Overflow via Long -t Command Line Option

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-2943. PoCs published by qaaz.

AI-analyzed exploit summary This exploit targets a local buffer overflow in XMail 1.21's sendmail component, leveraging ret-into-libc to execute arbitrary code with elevated privileges (uid root or gid mail). It dynamically resolves libc addresses and constructs a malicious payload to trigger the vulnerability.

Description

Stack-based buffer overflow in sendmail in XMail before 1.22 allows remote attackers to execute arbitrary code via a long -t command line option.

Exploits (1)

exploitdb WORKING POC VERIFIED

by qaaz · clocallinux

https://www.exploit-db.com/exploits/1267

View Code ZIP pw:eip

This exploit targets a local buffer overflow in XMail 1.21's sendmail component, leveraging ret-into-libc to execute arbitrary code with elevated privileges (uid root or gid mail). It dynamically resolves libc addresses and constructs a malicious payload to trigger the vulnerability.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: XMail 1.21

No auth needed

Prerequisites: Local access to the target system · Presence of vulnerable XMail 1.21 installation · Ability to execute the exploit binary

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (12)

Core 12

Core References

Third Party Advisory vendor-advisory x_refsource_debian

http://www.debian.org/security/2005/dsa-902

Patch, Vendor Advisory third-party-advisory x_refsource_idefense

http://www.idefense.com/application/poi/display?id=321&type=vulnerabilities

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/15103

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/22724

Third Party Advisory vendor-advisory x_refsource_gentoo

http://www.gentoo.org/security/en/glsa/glsa-200512-05.xml

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/18052

Various Sources x_refsource_confirm

http://www.xmailserver.org/ChangeLog.html#oct_12__2005_v_1_22

Third Party Advisory third-party-advisory x_refsource_sreason

http://securityreason.com/securityalert/81

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://www.osvdb.org/20010

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://securitytracker.com/id?1015055

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/17637

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/17194

Scores

EPSS 0.1534

EPSS Percentile 96.4%

Details

Status published

Products (21)

davide_libenzi/xmail 1.0

davide_libenzi/xmail 1.1

davide_libenzi/xmail 1.2

davide_libenzi/xmail 1.3

davide_libenzi/xmail 1.4

davide_libenzi/xmail 1.5

davide_libenzi/xmail 1.6

davide_libenzi/xmail 1.7

davide_libenzi/xmail 1.8

davide_libenzi/xmail 1.9

... and 11 more

Published Oct 13, 2005

Tracked Since Feb 18, 2026