CVE-2001-0421

Solaris 8 and earlier - Denial of Service via FTP CWD Command

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2001-0421. PoCs published by warning3.

AI-analyzed exploit summary This writeup describes a vulnerability in the Solaris FTP server where a buffer overflow in the glob() function can be triggered via the CWD ~ command, leading to a core dump that may contain parts of the shadow file. This allows local users to potentially recover encrypted passwords.

Description

FTP server in Solaris 8 and earlier allows local and remote attackers to cause a core dump in the root directory, possibly with world-readable permissions, by providing a valid username with an invalid password followed by a CWD ~ command, which could release sensitive information such as shadowed passwords, or fill the disk partition.

Exploits (1)

exploitdb WRITEUP VERIFIED
by warning3 · textremotesolaris
https://www.exploit-db.com/exploits/20764

This writeup describes a vulnerability in the Solaris FTP server where a buffer overflow in the glob() function can be triggered via the CWD ~ command, leading to a core dump that may contain parts of the shadow file. This allows local users to potentially recover encrypted passwords.

Classification
Writeup 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Solaris FTP server (SunOS 5.6)
No auth needed
Prerequisites: Local access to the system · Ability to connect to the FTP server
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/177200
Exploit, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/2601

Scores

EPSS 0.0621
EPSS Percentile 92.6%

Details

Status published
Products (2)
sun/solaris 2.6
sun/sunos < 5.9
Published Jul 02, 2001
Tracked Since Feb 18, 2026