Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2001-1582Improper Restriction of Operations within the Bounds of a Memory Buffer in Solaris

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer5 documents4 sources
Severity
7.2HIGHNVD
EPSS
0.2%
top 61.63%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
SUN SolarisSUN Sunos
Timeline
PublishedDec 31
Latest updateApr 30

Description

Buffer overflow in the LDAP naming services library (libsldap) in Sun Solaris 8 allows local users to execute arbitrary code via a long LDAP_OPTIONS environment variable to a privileged program that uses libsldap.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages2 packages

NVDsun/solaris8.0
NVDsun/sunos5.8

Patches

Patch: www.securityfocus.comPatch: www.securityfocus.com

🔴Vulnerability Details

2
GHSA
GHSA-g5hh-655f-w2v3: Buffer overflow in the LDAP naming services library (libsldap) in Sun Solaris 8 allows local users to execute arbitrary code via a long LDAP_OPTIONS e2022-04-30
CVEList
CVE-2001-1582: Buffer overflow in the LDAP naming services library (libsldap) in Sun Solaris 8 allows local users to execute arbitrary code via a long LDAP_OPTIONS e2007-09-23

💥Exploits & PoCs

2
Exploit-DB
Solaris 8 libsldap - Local Buffer Overflow (2)2001-06-27
Exploit-DB
Solaris 8 libsldap - Local Buffer Overflow (1)2001-06-26
CVE-2001-1582 — SUN Solaris vulnerability | cvebase