CVE-2000-0471

Solaris 8 and earlier - Local Buffer Overflow in ufsrestore

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2000-0471. PoCs published by Job de Haas of ITSX.

AI-analyzed exploit summary This exploit demonstrates a buffer overflow vulnerability in the setuid root utility ufsrestore on Solaris systems. The exploit leverages incorrect usage of strncat functions to overflow a buffer, allowing local privilege escalation to root.

Description

Buffer overflow in ufsrestore in Solaris 8 and earlier allows local users to gain root privileges via a long pathname.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Job de Haas of ITSX · clocalsolaris

https://www.exploit-db.com/exploits/20014

View Code ZIP pw:eip

This exploit demonstrates a buffer overflow vulnerability in the setuid root utility ufsrestore on Solaris systems. The exploit leverages incorrect usage of strncat functions to overflow a buffer, allowing local privilege escalation to root.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: Solaris ufsrestore (setuid root)

No auth needed

Prerequisites: Local access to a vulnerable Solaris system · Presence of /usr/lib/fs/ufs/ufsrestore with setuid root · Dump file created by the accompanying ufsscript

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1555 - Credentials from Password Stores

devstral-2 · analyzed Feb 16, 2026 Full analysis →