Vulnerabilities > CVE-2004-0524 - Buffer Overrun vulnerability in SquirrelMail Change_Passwd Plug-in

CVSS 10.0 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

low complexity

thiago-melo-de-paula

critical

exploit available

NVD

Published: 2004-08-06

Updated: 2017-07-11

Summary

Buffer overflow in the chpasswd command in the Change_passwd plugin before 4.0, as used in SquirrelMail, allows local users to gain root privileges via a long user name.

Vulnerable Configurations

Part	Description	Count
Application	Thiago_Melo_De_Paula Thiago Melo DE Paula Change Passwd 3.1.1.2.8	1

Exploit-Db

description	SquirrelMail chpasswd buffer overflow. CVE-2004-0524. Local exploit for linux platform
id	EDB-ID:273
last seen	2016-01-31
modified	2004-04-20
published	2004-04-20
reporter	x314
source	https://www.exploit-db.com/download/273/
title	SquirrelMail chpasswd Buffer Overflow

description	SquirrelMail (chpasswd) Local Root Bruteforce Exploit. CVE-2004-0524. Local exploit for linux platform
id	EDB-ID:417
last seen	2016-01-31
modified	2004-08-25
published	2004-08-25
reporter	Bytes
source	https://www.exploit-db.com/download/417/
title	SquirrelMail chpasswd Local Root Bruteforce Exploit

Summary

Vulnerable Configurations

Exploit-Db

References