CVE-2008-7232

xtacacsd < 4.1.2 - Remote Code Execution via Crafted CONNECT TACACS Command

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2008-7232. PoCs published by MC, including Metasploit module exploits/freebsd/tacacs/xtacacsd_report.

AI-analyzed exploit summary: This Metasploit module exploits a stack buffer overflow in XTACACSD <= 4.1.2 by sending a crafted XTACACS packet with an overly long username, potentially allowing arbitrary code execution. It uses a brute-force approach to target FreeBSD 6.2-Release.

Description

Buffer overflow in the report function in xtacacsd 4.1.2 and earlier allows remote attackers to execute arbitrary code via a crafted CONNECT TACACS command.

Exploits (2)

exploitdb WORKING POC VERIFIED
by MC · ruby · remote · bsd
https://www.exploit-db.com/exploits/10035

This Metasploit module exploits a stack buffer overflow in XTACACSD <= 4.1.2 by sending a crafted XTACACS packet with an overly long username, potentially allowing arbitrary code execution. It uses a brute-force approach to target FreeBSD 6.2-Release.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: XTACACSD <= 4.1.2
No auth needed
Prerequisites: Network access to the target system · XTACACSD service running on UDP port 49
devstral-2 · analyzed Feb 16, 2026

metasploit WORKING POC NORMAL
ruby · poc · bsd
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/freebsd/tacacs/xtacacsd_report.rb

This Metasploit module exploits a stack buffer overflow in XTACACSD by sending a crafted XTACACS packet with an overly long username. It targets FreeBSD 6.2-Release and uses a brute-force approach to bypass ASLR.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: XTACACSD <= 4.1.2
No auth needed
Prerequisites: Network access to UDP port 49 · Target running vulnerable XTACACSD version
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
Various Sources (x_refsource_misc): http://aluigi.org/poc/xtacacsdz.zip
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_xf): https://exchange.xforce.ibmcloud.com/vulnerabilities/39551

Scores

EPSS 0.2451
EPSS Percentile 97.6%

Details

CWE: CWE-119
Status: published
Products (11)
netplex-tech/xtacacsd 2.0
netplex-tech/xtacacsd 3.0
netplex-tech/xtacacsd 3.1
netplex-tech/xtacacsd 3.2
netplex-tech/xtacacsd 3.3
netplex-tech/xtacacsd 3.4
netplex-tech/xtacacsd 3.5
netplex-tech/xtacacsd 4.0
netplex-tech/xtacacsd 4.1
netplex-tech/xtacacsd 4.1.1
... and 1 more
Published Sep 14, 2009
Tracked Since Feb 18, 2026