EIP-2026-102973

PRE-CVE

RedHat 9.0 / Slackware 8.1 - '/bin/mail' Carbon Copy Field Buffer Overrun

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-102973. PoCs published by [email protected].

AI-analyzed exploit summary This exploit targets a buffer overflow vulnerability in the Linux /bin/mail utility by injecting a large payload into the carbon copy field. It includes shellcode to spawn a shell and is designed to work on specific Linux distributions like Redhat 9.0 and Slackware 8.1.

Description

RedHat 9.0 / Slackware 8.1 - '/bin/mail' Carbon Copy Field Buffer Overrun

Exploits (1)

exploitdb WORKING POC VERIFIED

by [email protected] · perllocallinux

https://www.exploit-db.com/exploits/22695

View Code ZIP pw:eip

This exploit targets a buffer overflow vulnerability in the Linux /bin/mail utility by injecting a large payload into the carbon copy field. It includes shellcode to spawn a shell and is designed to work on specific Linux distributions like Redhat 9.0 and Slackware 8.1.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Linux /bin/mail utility (versions on Redhat 9.0, Slackware 8.1)

No auth needed

Prerequisites: Access to the target system's mail utility · Ability to send crafted input to the mail command

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026