CVE-2003-1055
Solaris 8 and 9 - Buffer Overflow in nss_ldap.so.1 via Long Hostname
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2003-1055. PoCs published by Andi.
AI-analyzed exploit summary This exploit targets a buffer overflow vulnerability in Solaris LDAP client (CVE-2003-1055) to achieve local privilege escalation. It uses a crafted buffer with NOP sleds and shellcode to spawn a root shell via the 'ping' command.
Description
Buffer overflow in the nss_ldap.so.1 library for Sun Solaris 8 and 9 may allow local users to gain root access via a long hostname in an LDAP lookup.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Andi · clocalsolaris
https://www.exploit-db.com/exploits/4
This exploit targets a buffer overflow vulnerability in Solaris LDAP client (CVE-2003-1055) to achieve local privilege escalation. It uses a crafted buffer with NOP sleds and shellcode to spawn a root shell via the 'ping' command.
Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target:
Solaris LDAP client (pre-patch 108994-11)
No auth needed
Prerequisites:
Access to a vulnerable Solaris system · Ability to execute the compiled binary
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026
Full analysis →
References (6)
Core 6
Core References
Patch, Vendor Advisory third-party-advisory
government-resource
x_refsource_ciac
http://www.ciac.org/ciac/bulletins/n-113.shtml
Exploit, Patch, Vendor Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/7064
Patch, Vendor Advisory vendor-advisory
x_refsource_sunalert
http://sunsolve.sun.com/search/document.do?assetkey=1-26-52222-1
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1006401
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/11641
Vendor Advisory third-party-advisory
x_refsource_auscert
http://www.auscert.org.au/render.html?it=3224
Scores
EPSS
0.0106
EPSS Percentile
60.0%
Details
Status
published
Products (3)
sun/solaris
8.0
sun/solaris
9.0 (2 CPE variants)
sun/sunos
5.8
Published
Jul 03, 2003
Tracked Since
Feb 18, 2026