CVE-2001-0803

Open Group Cde Common Desktop Environment - Memory Corruption

Title source: rule

Description

Buffer overflow in the client connection routine of libDtSvc.so.1 in CDE Subprocess Control Service (dtspcd) allows remote attackers to execute arbitrary commands.

Exploits (3)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotesolaris_sparc

https://www.exploit-db.com/exploits/16323

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by noir · rubyremotesolaris

https://www.exploit-db.com/exploits/9923

View Code ZIP pw:eip

metasploit WORKING POC GREAT

rubypocsolaris

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/solaris/dtspcd/heap_noir.rb

View Code ZIP pw:eip

References (13)

[US Government Resource] http://www.cert.org/advisories/CA-2001-31.html

[US Government Resource] http://www.cert.org/advisories/CA-2002-01.html

[Patch, Third Party Advisory, US Government Resource] http://www.kb.cert.org/vuls/id/172583

[Patch, Vendor Advisory] http://www.securityfocus.com/advisories/3651

[Patch, Vendor Advisory] http://www.securityfocus.com/bid/3517

[Vendor Advisory] http://xforce.iss.net/alerts/advise101.php

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/7396

[Vendor Advisory] http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/214

[Various Sources] ftp://stage.caldera.com/pub/security/openunix/CSSA-2001-SCO.30/

[Various Sources] http://ftp.support.compaq.com/patches/.new/html/SSRT-541.shtml

[Vendor Advisory] ftp://patches.sgi.com/support/free/security/advisories/20011107-01-P

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A70

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A74

Scores

EPSS 0.7024

EPSS Percentile 98.7%

Details

CWE

CWE-119

Status published

Products (6)

open_group/cde_common_desktop_environment 1.0.1

open_group/cde_common_desktop_environment 1.0.2

open_group/cde_common_desktop_environment 1.1

open_group/cde_common_desktop_environment 1.2

open_group/cde_common_desktop_environment 2.0

open_group/cde_common_desktop_environment 2.1

Published Dec 06, 2001

Tracked Since Feb 18, 2026