CVE-2001-0594
Published 2001-08-02

CVE-2001-0594: kcms_configure as included with Solaris 7 and 8 allows a local attacker to gain additional privileges via a buffer overflow in a command line argument.
Priority P4 · 15 · medium · 4.6 (CVSS 2.0)
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 0.95% (56.9th percentile)
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sun | solaris | — | — |
| sun | solaris | — | — |
| sun | sunos | — | — |
| sun | sunos | — | — |
No detection rules found.
Exploit-DB
Solaris 7/8 - 'kcms_configure' Command-Line Buffer Overflow (1)
exploitdb·2001-04-09
---
// source: https://www.securityfocus.com/bid/2558/info
The Kodak Color Management System, or KCMS, is a package that ships with workstation installations of Solaris 7 and 8. kcms_configure, a part of KCMS, is vulnerable to a buffer overflow if it is passed an overly long string on the command-line by a local user. kcms_configure is installed setuid root, so a buffer overflow can lead to arbitrary code execution as root.
An exploit for x86 Solaris is available to attackers.
/*
Command line argument overflow
/usr/openwin/bin/kcms_configure
Proof of Concept Exploitation
Riley Hassell
*/
#include
#include
#include
#include
#define BUFLEN 1100
/* seteuid/exec shellcode */
char shell[] =
"\xeb\x0a\x9a\x01\x02\x03\x5c\x0
Exploit-DB
Solaris 7/8 - 'kcms_configure' Command-Line Buffer Overflow (2)
exploitdb·2001-04-09
---
// source: https://www.securityfocus.com/bid/2558/info
The Kodak Color Management System, or KCMS, is a package that ships with workstation installations of Solaris 7 and 8. kcms_configure, a part of KCMS, is vulnerable to a buffer overflow if it is passed an overly long string on the command-line by a local user. kcms_configure is installed setuid root, so a buffer overflow can lead to arbitrary code execution as root.
An exploit for x86 Solaris is available to attackers.
/* kcms_configure -o -S command line buffer overflow, SPARC/solaris 8
*
* https://www.securityfocus.com/bid/2558
*
* Coded June 22, 2002 by Adam Slattery. Phear. The vulnerability
* was discovered a long time ago (04/2001), but there haven't been
*
No writeups or analysis indexed.
- http://archives.neohapsis.com/archives/bugtraq/2001-04/0140.html
- http://www.securityfocus.com/bid/2558
- https://exchange.xforce.ibmcloud.com/vulnerabilities/6359
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A65
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7

Published: 2001-08-02