CVE-2000-0407

Solaris - Buffer Overflow via Long -p Option

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2000-0407. PoCs published by ADM.

AI-analyzed exploit summary This exploit targets a buffer overflow in the 'netpr' program (part of SUNWpcu) on Solaris 2.6 and 7 (SPARC/x86). It leverages the -p option to execute arbitrary code as root by overflowing the buffer with NOP sleds and shellcode.

Description

Buffer overflow in Solaris netpr program allows local users to execute arbitrary commands via a long -p option.

Exploits (2)

exploitdb WORKING POC VERIFIED

by ADM · clocalsolaris

https://www.exploit-db.com/exploits/19910

View Code ZIP pw:eip

This exploit targets a buffer overflow in the 'netpr' program (part of SUNWpcu) on Solaris 2.6 and 7 (SPARC/x86). It leverages the -p option to execute arbitrary code as root by overflowing the buffer with NOP sleds and shellcode.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: SUNWpcu (netpr) on Solaris 2.6 and 7

No auth needed

Prerequisites: Access to a vulnerable Solaris system with netpr installed · Ability to execute the exploit binary

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC VERIFIED

by ADM · clocalsolaris

https://www.exploit-db.com/exploits/19911

View Code ZIP pw:eip

This exploit leverages a buffer overflow in the 'netpr' program (part of the SUNWpcu package) on Solaris 2.6 and 7 (i386) to execute arbitrary code as root. It crafts a malicious payload with NOP sleds and shellcode to create a SUID root shell in /tmp/ksh.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: SUNWpcu (LP) package, netpr program on Solaris 2.6 and 7 (i386)

No auth needed

Prerequisites: Access to a host running the vulnerable netpr program · Ability to execute the exploit binary · Presence of /bin/ksh copied to /tmp/ksh

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/1200

Third Party Advisory mailing-list x_refsource_bugtraq

http://archives.neohapsis.com/archives/bugtraq/2000-05/0141.html

Scores

EPSS 0.0108

EPSS Percentile 60.7%

Details

Status published

Products (6)

sun/solaris 2.6

sun/solaris 7.0

sun/solaris 8.0

sun/sunos

sun/sunos 5.7

sun/sunos 5.8

Published May 12, 2000

Tracked Since Feb 18, 2026