CVE-2001-0652

Solaris 2.6-8 - Privilege Escalation

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2001-0652. PoCs published by Nsfocus.

AI-analyzed exploit summary This exploit targets a heap overflow vulnerability in Solaris 8 x86's xlock utility via the XUSERFILESEARCHPATH environment variable. It leverages shellcode execution to achieve local privilege escalation by overwriting critical memory structures.

Description

Heap overflow in xlock in Solaris 2.6 through 8 allows local users to gain root privileges via a long (1) XFILESEARCHPATH or (2) XUSERFILESEARCHPATH environmental variable.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Nsfocus · clocalsolaris
https://www.exploit-db.com/exploits/21059

This exploit targets a heap overflow vulnerability in Solaris 8 x86's xlock utility via the XUSERFILESEARCHPATH environment variable. It leverages shellcode execution to achieve local privilege escalation by overwriting critical memory structures.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: xlock (Solaris 8 x86)
No auth needed
Prerequisites: Local access to a vulnerable Solaris 8 x86 system · xlock installed setuid root
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Nsfocus · clocalsolaris
https://www.exploit-db.com/exploits/21058

This exploit targets a heap overflow vulnerability in xlock on Solaris SPARC systems, allowing local privilege escalation to root via a crafted environment variable. It uses shellcode to spawn a shell and calculates the return address dynamically.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Complex
Reliability
Reliable
Target: xlock (OpenWindows) on Solaris 2.6/7/8 SPARC
No auth needed
Prerequisites: Local access to a vulnerable Solaris SPARC system · xlock installed setuid root
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/3160
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/6967
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=99745571104126&w=2
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A131

Scores

EPSS 0.0092
EPSS Percentile 55.5%

Details

Status published
Products (1)
sun/sunos < 5.9
Published Oct 30, 2001
Tracked Since Feb 18, 2026