CVE-2001-0401

Solaris <= 8 - Local Buffer Overflow via HOME Environment Variable

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2001-0401. PoCs published by Pablo Sor.

AI-analyzed exploit summary This exploit leverages a buffer overflow in the `tip` utility on Solaris 7/8 via environment variable manipulation to execute arbitrary shellcode, gaining an euid of uucp. The shellcode spawns a shell via `/tmp/xx` symlink to `/bin/ksh`.

Description

Buffer overflow in tip in Solaris 8 and earlier allows local users to execute arbitrary commands via a long HOME environmental variable.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Pablo Sor · clocalsolaris

https://www.exploit-db.com/exploits/20684

View Code ZIP pw:eip

This exploit leverages a buffer overflow in the `tip` utility on Solaris 7/8 via environment variable manipulation to execute arbitrary shellcode, gaining an euid of uucp. The shellcode spawns a shell via `/tmp/xx` symlink to `/bin/ksh`.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: Sun Microsystems Solaris tip utility (Solaris 7, 8)

No auth needed

Prerequisites: Local access to a vulnerable Solaris system · Presence of the suid uucp `tip` binary

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1202 - Indirect Command Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/6284

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/2475

Patch, Vendor Advisory mailing-list x_refsource_bugtraq

http://archives.neohapsis.com/archives/bugtraq/2001-03/0394.html

Scores

EPSS 0.0098

EPSS Percentile 57.7%

Details

Status published

Products (5)

sun/solaris 2.6

sun/sunos 5.5

sun/sunos 5.5.1

sun/sunos 5.7

sun/sunos < 5.9

Published Jun 18, 2001

Tracked Since Feb 18, 2026