CVE-2003-1071

rpc.walld - Solaris 2.6-9 - Local Privilege Escalation

Title source: llm

Description

rpc.walld (wall daemon) for Solaris 2.6 through 9 allows local users to send messages to logged on users that appear to come from arbitrary user IDs by closing stderr before executing wall, then supplying a spoofed from header.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Brant Roman · clocalsolaris

https://www.exploit-db.com/exploits/22120

View Code ZIP pw:eip

References (8)

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/11608

[Exploit, Vendor Advisory] http://www.securityfocus.com/archive/1/305105

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/6509

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id?1006682

[Exploit, Third Party Advisory, US Government Resource] http://www.kb.cert.org/vuls/id/944241

[Vendor Advisory] http://secunia.com/advisories/7825/

[Patch, Vendor Advisory] http://sunsolve.sun.com/search/document.do?assetkey=1-26-51980-1

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id?1005882

Scores

EPSS 0.0032

EPSS Percentile 55.2%

Details

Status published

Products (9)

sun/solaris 2.5.1

sun/solaris 2.6

sun/solaris 7.0

sun/solaris 8.0

sun/solaris 9.0

sun/sunos

sun/sunos 5.5.1

sun/sunos 5.7

sun/sunos 5.8

Published Jan 03, 2003

Tracked Since Feb 18, 2026