Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2002-0033Improper Restriction of Operations within the Bounds of a Memory Buffer in Solaris

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer7 documents6 sources
Severity
10.0CRITICALNVD
EPSS
55.5%
top 1.92%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
SUN Solaris
Timeline
PublishedMay 29
Latest updateApr 30

Description

Heap-based buffer overflow in cfsd_calloc function of Solaris cachefsd allows remote attackers to execute arbitrary code via a request with a long directory and cache name.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

NVDsun/solaris4 versions+3

Patches

Patch: sunsolve.sun.comPatch: www.cert.orgPatch: sunsolve.sun.com

🔴Vulnerability Details

2
GHSA
GHSA-9p84-w92j-68vw: Heap-based buffer overflow in cfsd_calloc function of Solaris cachefsd allows remote attackers to execute arbitrary code via a request with a long dir2022-04-30
CVEList
CVE-2002-0033: Heap-based buffer overflow in cfsd_calloc function of Solaris cachefsd allows remote attackers to execute arbitrary code via a request with a long dir2003-04-02

💥Exploits & PoCs

1
Exploit-DB
Solaris 2/7/8/9 cachefsd - Remote Heap Overflow2002-01-01

🔍Detection Rules

2
Suricata
GPL RPC portmap cachefsd request TCP2010-09-23
Suricata
GPL RPC portmap cachefsd request UDP2010-09-23

📋Vendor Advisories

1
Cisco
Heap Overflow in Solaris cachefs Daemon2002-07-24
CVE-2002-0033 — SUN Solaris vulnerability | cvebase