CVE-2001-1583

Solaris 8 - Remote Code Execution

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 5 public exploits for CVE-2001-1583. PoCs published by Metasploit, Optyx, H D Moore, including Metasploit module exploits/solaris/lpd/sendmail_exec.

AI-analyzed exploit summary This Metasploit module exploits CVE-2001-1583, a command execution flaw in the Solaris in.lpd service (up to Solaris 8.0). It leverages a technique by Dino Dai Zovi to execute arbitrary commands without requiring the resolved name of the attacking system.

Description

lpd daemon (in.lpd) in Solaris 8 and earlier allows remote attackers to execute arbitrary commands via a job request with a crafted control file that is not properly handled when lpd invokes a mail program. NOTE: this might be the same vulnerability as CVE-2000-1220.

Exploits (5)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotesolaris
https://www.exploit-db.com/exploits/16322

This Metasploit module exploits CVE-2001-1583, a command execution flaw in the Solaris in.lpd service (up to Solaris 8.0). It leverages a technique by Dino Dai Zovi to execute arbitrary commands without requiring the resolved name of the attacking system.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Solaris in.lpd service (versions up to and including 8.0)
No auth needed
Prerequisites: Network access to the target's LPD service (port 515) · Solaris version <= 8.0
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Optyx · remotesolaris
https://www.exploit-db.com/exploits/1167

This exploit targets a vulnerability in the Solaris LPD service to delete arbitrary files by sending a malicious cascaded job request. It leverages a flaw in the line printer daemon to manipulate file paths and delete specified files.

Classification
Working Poc 95%
Attack Type
Other
Complexity
Moderate
Reliability
Reliable
Target: Solaris LPD (Solaris 2.6, 7, 8, 9, 10)
No auth needed
Prerequisites: Network access to the target's LPD service (port 515)
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by H D Moore · rubyremotesolaris
https://www.exploit-db.com/exploits/9921

This exploit targets a command execution vulnerability in the Solaris in.lpd service (CVE-2001-1583) by uploading malicious files to the print spool directory and triggering their execution via a cascaded job request. It leverages a technique to bypass the need for the attacker's hostname resolution.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Solaris in.lpd service (versions up to and including Solaris 8.0)
No auth needed
Prerequisites: Network access to the target's LPD service (port 515) · Write access to the spool directory
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by ron1n · textremotesolaris
https://www.exploit-db.com/exploits/21097

The writeup describes a vulnerability in Solaris' 'in.lpd' daemon that allows remote command execution with superuser privileges by manipulating sendmail usage. No actual exploit code is provided, only a description of the vulnerability.

Classification
Writeup 90%
Attack Type
Rce
Complexity
Moderate
Reliability
Theoretical
Target: Solaris in.lpd (lpd)
No auth needed
Prerequisites: Network access to the target host · Solaris system with vulnerable 'in.lpd' daemon
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC EXCELLENT
by hdm, ddz · rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/solaris/lpd/sendmail_exec.rb

This Metasploit module exploits a command execution vulnerability in the Solaris in.lpd service (CVE-2001-1583) by uploading malicious configuration files to trigger arbitrary command execution. It uses a cascaded job technique to bypass host resolution requirements.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Sun Solaris in.lpd service (up to and including Solaris 8.0)
No auth needed
Prerequisites: Network access to the target's LPD service (port 515) · Target running vulnerable Solaris version
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (6)

Core 6
Core References
Exploit, Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/3274
Mailing List, Third Party Advisory mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=99929694701826&w=2
Broken Link vdb-entry x_refsource_osvdb
http://www.osvdb.org/15131
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/7087

Scores

EPSS 0.8340
EPSS Percentile 99.6%

Details

CWE
CWE-78
Status published
Products (1)
sun/sunos < 5.9
Published Dec 31, 2001
Tracked Since Feb 18, 2026