Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2001-1583OS Command Injection in Sunos

CWE-78OS Command Injection8 documents5 sources
Severity
10.0CRITICALNVD
EPSS
45.8%
top 2.37%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
SUN Sunos
Timeline
PublishedDec 31
Latest updateApr 30

Description

lpd daemon (in.lpd) in Solaris 8 and earlier allows remote attackers to execute arbitrary commands via a job request with a crafted control file that is not properly handled when lpd invokes a mail program. NOTE: this might be the same vulnerability as CVE-2000-1220.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

NVDsun/sunos5.9

🔴Vulnerability Details

2
GHSA
GHSA-4xc7-h5vr-gqmj: lpd daemon (in2022-04-30
CVEList
CVE-2001-1583: lpd daemon (in2007-09-23

💥Exploits & PoCs

5
Exploit-DB
Solaris LPD - Command Execution (Metasploit)2010-09-20
Exploit-DB
Solaris 10 LPD - Arbitrary File Delete (Metasploit)2005-08-19
Exploit-DB
Solaris 2.x/7.0/8 LPD - Remote Command Execution2001-08-31
Exploit-DB
Solaris 8.0 LPD - Command Execution (Metasploit)2001-08-31
Metasploit
Solaris LPD Command Execution
CVE-2001-1583 — OS Command Injection in SUN Sunos | cvebase