CVE-2001-1582

Solaris 8 - Buffer Overflow via LDAP_OPTIONS Environment Variable

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2001-1582. PoCs published by Fyodor, noir.

AI-analyzed exploit summary This exploit targets a buffer overflow in the 'libsldap' library on Solaris 8 via the 'LDAP_OPTIONS' environment variable. It leverages a setuid/setgid binary (e.g., /bin/passwd) to execute shellcode and escalate privileges.

Description

Buffer overflow in the LDAP naming services library (libsldap) in Sun Solaris 8 allows local users to execute arbitrary code via a long LDAP_OPTIONS environment variable to a privileged program that uses libsldap.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Fyodor · clocalsolaris
https://www.exploit-db.com/exploits/20970

This exploit targets a buffer overflow in the 'libsldap' library on Solaris 8 via the 'LDAP_OPTIONS' environment variable. It leverages a setuid/setgid binary (e.g., /bin/passwd) to execute shellcode and escalate privileges.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: Solaris 8 libsldap
No auth needed
Prerequisites: Solaris 8 system with vulnerable libsldap · setuid/setgid binary linked to libsldap
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by noir · clocalsolaris
https://www.exploit-db.com/exploits/20969

This exploit targets a buffer overflow in the 'libsldap' library on Solaris 8 via the 'LDAP_OPTIONS' environment variable. It leverages setuid/setgid binaries linked to the library to achieve local privilege escalation by executing shellcode.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: Solaris 8 libsldap.so.1
No auth needed
Prerequisites: Local access to a Solaris 8 system · Presence of setuid/setgid binaries linked to libsldap
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Mailing List mailing-list x_refsource_bugtraq
http://seclists.org/bugtraq/2001/Jul/0091.html
Exploit, Patch vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/2931
Mailing List mailing-list x_refsource_bugtraq
http://seclists.org/bugtraq/2001/Jun/0365.html
Mailing List mailing-list x_refsource_bugtraq
http://seclists.org/bugtraq/2001/Jul/0077.html

Scores

EPSS 0.0130
EPSS Percentile 66.7%

Details

CWE
CWE-119
Status published
Products (2)
sun/solaris 8.0 unkown
sun/sunos 5.8
Published Dec 31, 2001
Tracked Since Feb 18, 2026