Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2001-1076 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Solaris

4 documents4 sources

Severity

7.2HIGHNVD

EPSS

0.2%

top 56.61%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

SUN Solaris SUN Sunos

Timeline

PublishedJul 5

Latest updateApr 30

Description

Buffer overflow in whodo in Solaris SunOS 5.5.1 through 5.8 allows local users to execute arbitrary code via a long (1) SOR or (2) CFIME environment variable.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages2 packages

▶NVDsun/sunos4 versions+3

▶NVDsun/solaris5 versions+4

Patches

Patch: archives.neohapsis.com ↗Patch: www.securityfocus.com ↗Patch: archives.neohapsis.com ↗

🔴Vulnerability Details

GHSA

GHSA-wppv-9xfq-qv5x: Buffer overflow in whodo in Solaris SunOS 5↗2022-04-30

▶

CVEList

CVE-2001-1076: Buffer overflow in whodo in Solaris SunOS 5↗2002-02-02

▶

💥Exploits & PoCs

Exploit-DB

Solaris 2.6/2.6/7.0/8 whodo - Local Buffer Overflow↗2001-06-01

▶