Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2001-0426 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Solaris

4 documents4 sources

Severity

7.2HIGHNVD

EPSS

0.4%

top 39.05%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

SUN Solaris SUN Sunos

Timeline

PublishedJul 2

Latest updateApr 30

Description

Buffer overflow in dtsession on Solaris, and possibly other operating systems, allows local users to gain privileges via a long LANG environmental variable.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages2 packages

▶NVDsun/solaris2.6, 7.0, 8.0+2

▶NVDsun/sunos5.7, 5.8+1

🔴Vulnerability Details

GHSA

GHSA-7f96-32pr-5cjh: Buffer overflow in dtsession on Solaris, and possibly other operating systems, allows local users to gain privileges via a long LANG environmental var↗2022-04-30

▶

CVEList

CVE-2001-0426: Buffer overflow in dtsession on Solaris, and possibly other operating systems, allows local users to gain privileges via a long LANG environmental var↗2001-05-24

▶

💥Exploits & PoCs

Exploit-DB

SGI IRIX 6.5 / Solaris 7.0/8 CDE - '/usr/dt/bin/dtsession' Local Buffer Overflow↗2001-04-11

▶