CVE-2001-0548

Solaris 2.6 and 7 - Buffer Overflow via MAIL Environment Variable

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2001-0548. PoCs published by NSFOCUS Security Team.

AI-analyzed exploit summary This exploit targets a buffer overflow in dtmail (CDE) via the MAIL environment variable, allowing local privilege escalation to the 'mail' GID. It uses shellcode to execute '/bin/id' and is tested on Solaris 2.6/7 (SPARC).

Description

Buffer overflow in dtmail in Solaris 2.6 and 7 allows local users to gain privileges via the MAIL environment variable.

Exploits (1)

exploitdb WORKING POC VERIFIED

by NSFOCUS Security Team · clocalsolaris

https://www.exploit-db.com/exploits/21024

View Code ZIP pw:eip

This exploit targets a buffer overflow in dtmail (CDE) via the MAIL environment variable, allowing local privilege escalation to the 'mail' GID. It uses shellcode to execute '/bin/id' and is tested on Solaris 2.6/7 (SPARC).

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: dtmail (Common Desktop Environment) on Solaris 2.6/7

No auth needed

Prerequisites: Local access to a vulnerable Solaris system · dtmail installed · X Window System environment

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/3081

Mailing List mailing-list x_refsource_bugtraq

http://marc.info/?l=bugtraq&m=99598918914068&w=2

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/6879

Scores

EPSS 0.0077

EPSS Percentile 50.7%

Details

Status published

Products (2)

sun/solaris 2.6

sun/sunos 5.7

Published Aug 14, 2001

Tracked Since Feb 18, 2026