Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2001-0422 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Solaris

4 documents4 sources

Severity

7.2HIGHNVD

EPSS

0.3%

top 50.23%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

SUN Solaris SUN Sunos

Timeline

PublishedJul 2

Latest updateApr 30

Description

Buffer overflow in Xsun in Solaris 8 and earlier allows local users to execute arbitrary commands via a long HOME environmental variable.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages2 packages

▶NVDsun/solaris2.6

▶NVDsun/sunos6 versions+5

Patches

Patch: archives.neohapsis.com ↗Patch: www.securityfocus.com ↗Patch: archives.neohapsis.com ↗

🔴Vulnerability Details

GHSA

GHSA-6cj3-4wq8-r2m5: Buffer overflow in Xsun in Solaris 8 and earlier allows local users to execute arbitrary commands via a long HOME environmental variable↗2022-04-30

▶

CVEList

CVE-2001-0422: Buffer overflow in Xsun in Solaris 8 and earlier allows local users to execute arbitrary commands via a long HOME environmental variable↗2002-03-09

▶

💥Exploits & PoCs

Exploit-DB

Solaris 2.x/7.0/8 - Xsun HOME Buffer Overflow↗2001-04-10

▶