Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-1999-0977 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Solaris

10 documents6 sources

Severity

10.0CRITICALNVD

EPSS

5.9%

top 9.40%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

SUN Solaris SUN Sunos

Timeline

PublishedDec 10

Latest updateApr 30

Description

Buffer overflow in Solaris sadmind allows remote attackers to gain root privileges using a NETMGT_PROC_SERVICE request.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages2 packages

▶NVDsun/solaris4 versions+3

▶NVDsun/sunos5.5, 5.5.1, 5.7+2

🔴Vulnerability Details

GHSA

GHSA-f9m6-4jv9-8v79: Buffer overflow in Solaris sadmind allows remote attackers to gain root privileges using a NETMGT_PROC_SERVICE request↗2022-04-30

▶

CVEList

CVE-1999-0977: Buffer overflow in Solaris sadmind allows remote attackers to gain root privileges using a NETMGT_PROC_SERVICE request↗2000-01-04

▶

💥Exploits & PoCs

Exploit-DB

Solaris sadmind - Remote Buffer Overflow↗2000-12-01

▶

Exploit-DB

Solaris 2.5/2.5.1/2.6/7.0 - 'sadmind' Remote Buffer Overflow (3)↗2000-11-10

▶

Exploit-DB

Solaris 2.5/2.5.1/2.6/7.0 - 'sadmind' Remote Buffer Overflow (4)↗1999-12-10

▶

Exploit-DB

Solaris 2.5/2.5.1/2.6/7.0 - 'sadmind' Remote Buffer Overflow (1)↗1999-06-24

▶

Exploit-DB

Solaris 2.5/2.5.1/2.6/7.0 - 'sadmind' Remote Buffer Overflow (2)↗1999-06-24

▶

🔍Detection Rules

Suricata

GPL RPC sadmind TCP NETMGT_PROC_SERVICE CLIENT_DOMAIN overflow attempt↗2010-09-23

▶

📄Research Papers

arXiv

RANK: AI-assisted End-to-End Architecture for Detecting Persistent Attacks in Enterprise Networks↗2021-01-06

▶