CVE-2003-0027

Sun Solaris - Directory Traversal via KCMS KCS_OPEN_PROFILE Procedure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2003-0027. Includes Metasploit module auxiliary/admin/sunrpc/solaris_kcms_readfile.

AI-analyzed exploit summary: This Metasploit module exploits a directory traversal vulnerability in Solaris KCMS and TTDB servers to read arbitrary files. It uses SunRPC calls to bypass validation and retrieve file contents.

Description

Directory traversal vulnerability in Sun Kodak Color Management System (KCMS) library service daemon (kcms_server) allows remote attackers to read arbitrary files via the KCS_OPEN_PROFILE procedure.

Exploits (1)

metasploit · WORKING POC · ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/admin/sunrpc/solaris_kcms_readfile.rb

Classification: Working PoC 95%
Attack Type: Info Leak
Complexity: Moderate
Reliability: Reliable
Target: Solaris 2.5 - 9 (SPARC/x86) with kcms_server and rpc.ttdbserverd running
No auth needed
Prerequisites: kcms_server and rpc.ttdbserverd must be running on the target · Network access to TCP ports 100221 and 100083
devstral-2 · analyzed Feb 16, 2026

References (9)

Core References
Patch, Vendor Advisory x_refsource_misc
http://www.entercept.com/news/uspr/01-22-03.asp
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/6665
Vendor Advisory vendor-advisory x_refsource_sunalert
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/50104
Patch, Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/850785
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2592
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A120
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/11129
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A195
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=104326556329850&w=2

Scores

EPSS 0.7208
EPSS Percentile 98.8%

Details

Status published
Products (9)
sun/solaris 2.5.1
sun/solaris 2.6
sun/solaris 7.0
sun/solaris 8.0
sun/solaris 9.0 (2 CPE variants)
sun/sunos
sun/sunos 5.5.1
sun/sunos 5.7
sun/sunos 5.8
Published Feb 07, 2003
Tracked Since Feb 18, 2026