CVE-1999-0321
Published 1998-12-01
CVE-1999-0321: Buffer overflow in Solaris kcms_configure command allows local users to gain root access.
Priority: P425 · high · 7.2 (CVSS 2.0)
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 0.89% (54.9th percentile)
No detection rules found.
Exploit-DB
Solaris 2.5.1 - 'kcms' Local Buffer Overflow (2)
exploitdb·1998-12-24
---
/*
source: https://www.securityfocus.com/bid/452/info
There is an unchecked sprintf() call in the versions of /usr/openwin/bin/kcms_configure shipped with Solaris 2.5, 2.5.1 and 2.6. Unfortunately, kcms_configure is installed setuid root, making it possible for an attacker to overflow the buffer and have arbitrary code executed with superuser privileges. The consequence of this vulnerability being exploited is a local root compromise.
This is UNYUN@ShadowPenguinSecurity.
Note that Solaris7 Sparc Edition also has the same problem, but
> It did not reproduce on Solaris2.6(Sparc).
It appears to reproduce on Solaris 2.6 (Sparc) as well.
I checked Solaris 2.6 (Sparc) at the console, but from a console [...] machine, teln
Exploit-DB
Solaris 2.5.1 - 'kcms' Local Buffer Overflow (1)
exploitdb·1998-12-24
---
// source: https://www.securityfocus.com/bid/452/info
There is an unchecked sprintf() call in the versions of /usr/openwin/bin/kcms_configure shipped with Solaris 2.5, 2.5.1 and 2.6. Unfortunately, kcms_configure is installed setuid root, making it possible for an attacker to overflow the buffer and have arbitrary code executed with superuser privileges. The consequence of this vulnerability being exploited is a local root compromise.
/**
*** kcmsex - i386 Solaris root exploit for /usr/openwin/bin/kcms_configure
***
*** Tested and confirmed under Solaris 2.6 i386
***
*** Usage: % kcmsex [offset]
***
*** where offset (if present) is the number of bytes to add to the stack
*** pointer to calculate your target return address; try -1000
No writeups or analysis indexed.
Published: 1998-12-01