Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2008-4556Improper Restriction of Operations within the Bounds of a Memory Buffer in Solaris

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer6 documents4 sources
Severity
10.0CRITICALNVD
EPSS
79.0%
top 0.94%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
SUN Solaris
Timeline
PublishedOct 14
Latest updateMay 2

Description

Stack-based buffer overflow in the adm_build_path function in sadmind in Sun Solstice AdminSuite on Solaris 8 and 9 allows remote attackers to execute arbitrary code via a crafted request.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

NVDsun/solaris8, 9+1

🔴Vulnerability Details

2
GHSA
GHSA-c25g-vx8r-h5gx: Stack-based buffer overflow in the adm_build_path function in sadmind in Sun Solstice AdminSuite on Solaris 8 and 9 allows remote attackers to execute2022-05-02
CVEList
CVE-2008-4556: Stack-based buffer overflow in the adm_build_path function in sadmind in Sun Solstice AdminSuite on Solaris 8 and 9 allows remote attackers to execute2008-10-14

💥Exploits & PoCs

3
Exploit-DB
Sun Solaris sadmind - 'adm_build_path()' Remote Buffer Overflow (Metasploit)2010-07-03
Exploit-DB
Solaris 9 (UltraSPARC) - 'sadmind' Remote Code Execution2008-10-19
Exploit-DB
Solaris sadmind adm_build_path - Remote Buffer Overflow (Metasploit)2008-10-14
CVE-2008-4556 — SUN Solaris vulnerability | cvebase