CVE-2001-0803

CDE Common Desktop Environment - Remote Code Execution via Buffer Overflow in dtspcd Client Connection Routine

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2001-0803. PoCs published by Metasploit, noir, including Metasploit module exploits/solaris/dtspcd/heap_noir.

AI-analyzed exploit summary This is a Metasploit module that exploits a heap overflow vulnerability in Solaris dtspcd (CVE-2001-0803) to achieve remote code execution. It targets Solaris 8 (SPARC) by sending a maliciously crafted payload to the dtspcd service on port 6112.

Description

Buffer overflow in the client connection routine of libDtSvc.so.1 in CDE Subprocess Control Service (dtspcd) allows remote attackers to execute arbitrary commands.

Exploits (3)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotesolaris_sparc
https://www.exploit-db.com/exploits/16323

This is a Metasploit module that exploits a heap overflow vulnerability in Solaris dtspcd (CVE-2001-0803) to achieve remote code execution. It targets Solaris 8 (SPARC) by sending a maliciously crafted payload to the dtspcd service on port 6112.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Solaris dtspcd (Solaris 8 SPARC)
No auth needed
Prerequisites: Network access to the target's dtspcd service (port 6112) · Vulnerable version of Solaris 8 (SPARC)
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by noir · rubyremotesolaris
https://www.exploit-db.com/exploits/9923

This is a Metasploit module that exploits a heap overflow vulnerability in Solaris dtspcd (CVE-2001-0803) to achieve remote code execution. It targets Solaris 8 (SPARC) by sending a maliciously crafted payload to the dtspcd service on port 6112.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Solaris dtspcd (Solaris 8 SPARC)
No auth needed
Prerequisites: Network access to the target system on port 6112 · Vulnerable version of Solaris 8 (SPARC)
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC GREAT
rubypocsolaris
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/solaris/dtspcd/heap_noir.rb

This is a Metasploit module that exploits a heap overflow vulnerability in Solaris dtspcd (CVE-2001-0803) to achieve remote code execution on SPARC-based Solaris 8 systems. It uses a crafted payload to overwrite memory and execute arbitrary code.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Solaris dtspcd (Solaris 8, SPARC)
No auth needed
Prerequisites: Network access to the target system on port 6112 · Vulnerable version of Solaris dtspcd running on SPARC architecture
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (13)

Core 13
Core References
Patch, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/3517
US Government Resource third-party-advisory x_refsource_cert
http://www.cert.org/advisories/CA-2002-01.html
Patch, Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/172583
Vendor Advisory vendor-advisory x_refsource_sun
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/214
Various Sources vendor-advisory x_refsource_compaq
http://ftp.support.compaq.com/patches/.new/html/SSRT-541.shtml
Vendor Advisory vendor-advisory x_refsource_sgi
ftp://patches.sgi.com/support/free/security/advisories/20011107-01-P
Various Sources vendor-advisory x_refsource_caldera
ftp://stage.caldera.com/pub/security/openunix/CSSA-2001-SCO.30/
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/7396
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A70
US Government Resource third-party-advisory x_refsource_cert
http://www.cert.org/advisories/CA-2001-31.html
Patch, Vendor Advisory vendor-advisory x_refsource_hp
http://www.securityfocus.com/advisories/3651
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A74
Vendor Advisory third-party-advisory x_refsource_iss
http://xforce.iss.net/alerts/advise101.php

Scores

EPSS 0.8556
EPSS Percentile 99.7%

Details

CWE
CWE-119
Status published
Products (6)
open_group/cde_common_desktop_environment 1.0.1
open_group/cde_common_desktop_environment 1.0.2
open_group/cde_common_desktop_environment 1.1
open_group/cde_common_desktop_environment 1.2
open_group/cde_common_desktop_environment 2.0
open_group/cde_common_desktop_environment 2.1
Published Dec 06, 2001
Tracked Since Feb 18, 2026