CVE-2001-1582
Published 2001-12-31
Priority P422 · high · 7.2 (CVSS 2.0)
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 1.30% (66.8th percentile)
Buffer overflow in the LDAP naming services library (libsldap) in Sun Solaris 8 allows local users to execute arbitrary code via a long LDAP_OPTIONS environment variable to a privileged program that uses libsldap.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sun | solaris | — | — |
| sun | sunos | — | — |
No detection rules found.
Exploit-DB
Solaris 8 libsldap - Local Buffer Overflow (2)
exploitdb·2001-06-27
---
// source: https://www.securityfocus.com/bid/2931/info
Solaris 8 ships with a shared library that implements LDAP functionality called 'libsldap'. This library is linked to by a number of system utilities, many of them installed setuid or setgid.
Libsldap contains a buffer overflow vulnerability in its handling of the 'LDAP_OPTIONS' environment variable.
Local attackers can exploit this vulnerability in setuid/setgid programs linked to libsldap to elevate privileges.
#include
#include
#include
#include
/* $Id: ldap_exp2.c,v 1.1 2001/06/27 23:01:04 fygrave Exp $
*
* victim% ./lod -s 316 -p 5
* jumping into: ffbefe74 (buf size: 156, soff: 316, stack: ffbefd38)
* # id
* uid=0(root) gid=200(em) egid=3(sys)
* # uname -a
* SunOS victim
Exploit-DB
Solaris 8 libsldap - Local Buffer Overflow (1)
exploitdb·2001-06-26
---
// source: https://www.securityfocus.com/bid/2931/info
Solaris 8 ships with a shared library that implements LDAP functionality called 'libsldap'. This library is linked to by a number of system utilities, many of them installed setuid or setgid.
Libsldap contains a buffer overflow vulnerability in its handling of the 'LDAP_OPTIONS' environment variable.
Local attackers can exploit this vulnerability in setuid/setgid programs linked to libsldap to elevate privileges.
/** !!!PRIVATE!!!
** [email protected]
** libsldap.so.1 $LDAP_OPTIONS environment variable overflow exploit;
**
**/
#include
#define ADJUST 1
/* [email protected]
** Solaris/SPARC shellcode
** setreuid(0, 0); setregid(0, 0); execve("/bin/sh", args, 0);
*/
char
No writeups or analysis indexed.
http://seclists.org/bugtraq/2001/Jul/0077.html
http://seclists.org/bugtraq/2001/Jul/0091.html
http://seclists.org/bugtraq/2001/Jun/0365.html
http://www.securiteam.com/unixfocus/5IP0O2A4KS.html
http://www.securityfocus.com/bid/2931
Published: 2001-12-31