Description
lpd daemon (in.lpd) in Solaris 8 and earlier allows remote attackers to execute arbitrary commands via a job request with a crafted control file that is not properly handled when lpd invokes a mail program. NOTE: this might be the same vulnerability as CVE-2000-1220.
Exploits (5)
exploitdb
WORKING POC
VERIFIED
by Metasploit · rubyremotesolaris
https://www.exploit-db.com/exploits/16322
exploitdb
WORKING POC
VERIFIED
by H D Moore · rubyremotesolaris
https://www.exploit-db.com/exploits/9921
metasploit
WORKING POC
EXCELLENT
by hdm, ddz · rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/solaris/lpd/sendmail_exec.rb
References (6)
Scores
EPSS
0.4583
EPSS Percentile
97.6%
Details
CWE
CWE-78
Status
published
Products (1)
sun/sunos
< 5.9
Published
Dec 31, 2001
Tracked Since
Feb 18, 2026