CVE-2005-3098

Qualcomm qpopper <4.0.8 - Privilege Escalation

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2005-3098. PoCs published by kingcope.

AI-analyzed exploit summary This exploit leverages a local privilege escalation vulnerability in Qpopper's poppassd by manipulating the LD_PRELOAD environment variable to execute arbitrary code as root. It compiles a shared library to hijack execution flow and spawns a root shell.

Description

poppassd in Qualcomm qpopper 4.0.8 allows local users to modify arbitrary files and gain privileges via the -t (trace file) command line argument.

Exploits (2)

exploitdb WORKING POC VERIFIED
by kingcope · bashlocallinux
https://www.exploit-db.com/exploits/1229

This exploit leverages a local privilege escalation vulnerability in Qpopper's poppassd by manipulating the LD_PRELOAD environment variable to execute arbitrary code as root. It compiles a shared library to hijack execution flow and spawns a root shell.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: Qpopper poppassd (latest version as of 2005)
No auth needed
Prerequisites: Local access to the target system · Qpopper poppassd installed at /usr/local/bin/poppassd · GCC and basic build tools available
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by kingcope · bashlocalbsd
https://www.exploit-db.com/exploits/1230

This exploit leverages a vulnerability in FreeBSD's Qpopper poppassd by manipulating the libmap.conf file to load a malicious shared library, resulting in local privilege escalation to root. The exploit creates a custom shared library that executes a shell with elevated privileges.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: FreeBSD Qpopper poppassd (tested on FreeBSD 5.4-RELEASE)
No auth needed
Prerequisites: Local access to the target system · Qpopper poppassd installed · Write permissions to /etc/libmap.conf
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/14944
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/16935
Exploit, Vendor Advisory mailing-list x_refsource_fulldisc
http://seclists.org/lists/fulldisclosure/2005/Sep/0652.html
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2005/1844

Scores

EPSS 0.0058
EPSS Percentile 42.9%

Details

Status published
Products (1)
qualcomm/qpopper 4.0.8
Published Sep 28, 2005
Tracked Since Feb 18, 2026