Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2001-0595Improper Restriction of Operations within the Bounds of a Memory Buffer in Sunos

5 documents4 sources
Severity
4.6MEDIUMNVD
EPSS
0.4%
top 40.97%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
SUN Sunos
Timeline
PublishedAug 2
Latest updateApr 30

Description

Buffer overflow in the kcsSUNWIOsolf.so library in Solaris 7 and 8 allows local attackers to execute arbitrary commands via the KCMS_PROFILES environment variable, e.g. as demonstrated using the kcms_configure program.

CVSS vector

AV:L/AC:L/C:P/I:P/A:PExploitability: 3.9 | Impact: 6.4

Affected Packages1 packages

NVDsun/sunos5.7, 5.8+1

🔴Vulnerability Details

2
GHSA
GHSA-792f-vcf6-566f: Buffer overflow in the kcsSUNWIOsolf2022-04-30
CVEList
CVE-2001-0595: Buffer overflow in the kcsSUNWIOsolf2002-03-09

💥Exploits & PoCs

2
Exploit-DB
Solaris 2.5/2.6/7.0/8 - kcms_configure KCMS_PROFILES Buffer Overflow (2)1999-12-01
Exploit-DB
Solaris 2.5/2.6/7.0/8 - kcms_configure KCMS_PROFILES Buffer Overflow (1)1999-12-01
CVE-2001-0595 — SUN Sunos vulnerability | cvebase