CVE-2001-0059

Solaris - Local Privilege Escalation

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2001-0059. PoCs published by Larry W. Cashdollar.

AI-analyzed exploit summary This exploit targets a race condition in Solaris patchadd (CVE-2001-0059) by symlinking /tmp/response.<PID> to /etc/passwd. When patchadd runs as root, it follows the symlink and overwrites the target file, enabling privilege escalation or system corruption.

Description

patchadd in Solaris allows local users to overwrite arbitrary files via a symlink attack.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Larry W. Cashdollar · perllocalsolaris
https://www.exploit-db.com/exploits/20514

This exploit targets a race condition in Solaris patchadd (CVE-2001-0059) by symlinking /tmp/response.<PID> to /etc/passwd. When patchadd runs as root, it follows the symlink and overwrites the target file, enabling privilege escalation or system corruption.

Classification
Working Poc 90%
Attack Type
Lpe
Complexity
Moderate
Reliability
Racy
Target: Solaris patchadd (Solaris 2.x)
No auth needed
Prerequisites: Local access to the system · Ability to execute scripts · patchadd running as root
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=97720205217707&w=2
Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/2127
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/5789

Scores

EPSS 0.0069
EPSS Percentile 48.1%

Details

Status published
Products (1)
sun/sunos 5.7
Published Feb 12, 2001
Tracked Since Feb 18, 2026