CVE-2001-0423

Solaris 7 x86 - Buffer Overflow via Long TZ Environmental Variable

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2001-0423. PoCs published by Riley Hassell.

AI-analyzed exploit summary This exploit leverages a buffer overflow in the `ipcs` utility on Solaris systems by overflowing the TIMEZONE environment variable. The overflow allows local users to execute arbitrary code with elevated privileges (EUID of sys).

Description

Buffer overflow in ipcs in Solaris 7 x86 allows local users to execute arbitrary code via a long TZ (timezone) environmental variable, a different vulnerability than CAN-2002-0093.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Riley Hassell · textlocalsolaris

https://www.exploit-db.com/exploits/20751

View Code ZIP pw:eip

This exploit leverages a buffer overflow in the `ipcs` utility on Solaris systems by overflowing the TIMEZONE environment variable. The overflow allows local users to execute arbitrary code with elevated privileges (EUID of sys).

Classification

Working Poc 90%

Attack Type

Lpe

Complexity

Trivial

Reliability

Reliable

Target: Solaris 7/8 (Sparc/x86) - /usr/bin/ipcs

No auth needed

Prerequisites: Local access to a vulnerable Solaris system · The `ipcs` binary must be SGID sys

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1587.001 - Malware

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/6369

Exploit, Patch, Vendor Advisory mailing-list x_refsource_bugtraq

http://archives.neohapsis.com/archives/bugtraq/2001-04/0217.html

Exploit, Patch, Vendor Advisory vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/2581

Scores

EPSS 0.0125

EPSS Percentile 65.7%

Details

Status published

Products (1)

sun/solaris 7.0

Published Jul 02, 2001

Tracked Since Feb 18, 2026