CVE-1999-0321

Solaris - Buffer Overflow in kcms_configure Command

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-1999-0321. PoCs published by UNYUN, Cheez Whiz.

AI-analyzed exploit summary This exploit targets a buffer overflow vulnerability in the setuid root binary `/usr/openwin/bin/kcms_configure` on Solaris 2.5, 2.5.1, and 2.6. It leverages an unchecked `sprintf()` call to overflow a buffer and execute arbitrary code with root privileges.

Description

Buffer overflow in Solaris kcms_configure command allows local users to gain root access.

Exploits (2)

exploitdb WORKING POC VERIFIED

by UNYUN · clocalsolaris

https://www.exploit-db.com/exploits/19342

View Code ZIP pw:eip

This exploit targets a buffer overflow vulnerability in the setuid root binary `/usr/openwin/bin/kcms_configure` on Solaris 2.5, 2.5.1, and 2.6. It leverages an unchecked `sprintf()` call to overflow a buffer and execute arbitrary code with root privileges.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: Solaris 2.5, 2.5.1, 2.6 (kcms_configure)

No auth needed

Prerequisites: Access to a vulnerable Solaris system · Ability to compile and execute the exploit code

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC VERIFIED

by Cheez Whiz · clocalsolaris

https://www.exploit-db.com/exploits/19341

View Code ZIP pw:eip

This exploit targets a buffer overflow vulnerability in Solaris 2.5, 2.5.1, and 2.6 via an unchecked sprintf() call in the setuid root binary /usr/openwin/bin/kcms_configure. It uses shellcode to execute arbitrary commands with root privileges.

Classification

Working Poc 100%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: Solaris 2.5, 2.5.1, 2.6 /usr/openwin/bin/kcms_configure

No auth needed

Prerequisites: Local access to the vulnerable Solaris system · Presence of the vulnerable /usr/openwin/bin/kcms_configure binary

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Third Party Advisory, VDB Entry x_refsource_misc

https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0321

Scores

EPSS 0.0089

EPSS Percentile 54.7%

Details

Status published

Products (1)

sun/solaris

Published Dec 01, 1998

Tracked Since Feb 18, 2026