CVE-1999-0973

Solaris snoop - Buffer Overflow via Long Domain Name in Verbose Mode

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-1999-0973. PoCs published by K2.

AI-analyzed exploit summary This exploit targets a buffer overflow in the `print_domain_name` function of Solaris snoop (CVE-1999-0973). It crafts a malicious payload with NOP sleds and shellcode to execute arbitrary commands, potentially granting root privileges if snoop is running as root.

Description

Buffer overflow in Solaris snoop program allows remote attackers to gain root privileges via a long domain name when snoop is running in verbose mode.

Exploits (1)

exploitdb WORKING POC VERIFIED

by K2 · cremotesolaris

https://www.exploit-db.com/exploits/19663

View Code ZIP pw:eip

This exploit targets a buffer overflow in the `print_domain_name` function of Solaris snoop (CVE-1999-0973). It crafts a malicious payload with NOP sleds and shellcode to execute arbitrary commands, potentially granting root privileges if snoop is running as root.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Solaris snoop (verified on Solaris 2.7 x86 with patch 108483-01)

No auth needed

Prerequisites: Target must be running snoop in verbose mode · Network access to the target host

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/858

Scores

EPSS 0.0347

EPSS Percentile 87.5%

Details

Status published

Products (11)

sun/solaris 2.4

sun/solaris 2.5

sun/solaris 2.5.1

sun/solaris 2.6

sun/solaris 7.0

sun/sunos

sun/sunos 5.3

sun/sunos 5.4

sun/sunos 5.5

sun/sunos 5.5.1

... and 1 more

Published Dec 07, 1999

Tracked Since Feb 18, 2026