CVE-1999-0493

Solaris - Remote Procedure Call Forwarding via rpc.statd SM_MON and SM_NOTIFY Commands

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-1999-0493. PoCs published by anonymous.

AI-analyzed exploit summary This exploit leverages a vulnerability in rpc.statd to relay RPC calls to other services without proper access controls, allowing command injection. It can execute arbitrary commands or spawn a shell via inetd manipulation.

Description

rpc.statd allows remote attackers to forward RPC calls to the local operating system via the SM_MON and SM_NOTIFY commands, which in turn could be used to remotely exploit other bugs such as in automountd.

Exploits (1)

exploitdb WORKING POC VERIFIED

by anonymous · cremotesolaris

https://www.exploit-db.com/exploits/19327

View Code ZIP pw:eip

This exploit leverages a vulnerability in rpc.statd to relay RPC calls to other services without proper access controls, allowing command injection. It can execute arbitrary commands or spawn a shell via inetd manipulation.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Solaris rpc.statd (pre-August 1998)

No auth needed

Prerequisites: Network access to target's rpc.statd service · rpc.statd running on target

MITRE ATT&CK

T1203 - Exploitation for Client Execution T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5

Core References

Mailing List mailing-list x_refsource_bugtraq

http://marc.info/?l=bugtraq&m=91547759121289&w=2

Third Party Advisory, US Government Resource third-party-advisory government-resource x_refsource_ciac

http://www.ciac.org/ciac/bulletins/j-045.shtml

Vendor Advisory vendor-advisory x_refsource_sun

http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/186&type=0&nav=sec.sba

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/450

Patch, Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert

http://www.cert.org/advisories/CA-99-05-statd-automountd.html

Scores

EPSS 0.0426

EPSS Percentile 89.8%

Details

Status published

Products (8)

sun/solaris 2.4

sun/solaris 2.5

sun/solaris 2.5.1

sun/solaris 2.6

sun/sunos

sun/sunos 5.3

sun/sunos 5.4

sun/sunos 5.5.1

Published Jun 07, 1999

Tracked Since Feb 18, 2026