CVE-2001-0165

Solaris 7 and 8 - Local Privilege Escalation via ximp40 Library Buffer Overflow

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2001-0165. PoCs published by UNYUN.

AI-analyzed exploit summary This exploit targets a buffer overflow vulnerability in the ximp40 library on Solaris 7/8, allowing local privilege escalation via SUID/SGID binaries. It overwrites stack variables to execute arbitrary shellcode, potentially granting root or mail group privileges.

Description

Buffer overflow in ximp40 shared library in Solaris 7 and Solaris 8 allows local users to gain privileges via a long "arg0" (process name) argument.

Exploits (1)

exploitdb WORKING POC VERIFIED
by UNYUN · clocalsolaris
https://www.exploit-db.com/exploits/20603

This exploit targets a buffer overflow vulnerability in the ximp40 library on Solaris 7/8, allowing local privilege escalation via SUID/SGID binaries. It overwrites stack variables to execute arbitrary shellcode, potentially granting root or mail group privileges.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: Solaris 7/8 with Openwin (ximp40 library)
Auth required
Prerequisites: Local access to the target system · SUID/SGID binaries linked against ximp40.so.2 · Ability to set DISPLAY environment variable
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/6039
Exploit, Vendor Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2001-01/0517.html
Exploit, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/2322

Scores

EPSS 0.0095
EPSS Percentile 56.7%

Details

Status published
Products (4)
sun/solaris 7.0
sun/solaris 8.0
sun/sunos 5.7
sun/sunos 5.8
Published May 03, 2001
Tracked Since Feb 18, 2026