CVE-2004-0360

Solaris 8.0-9.0 - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2004-0360. PoCs published by Marco Ivaldi.

AI-analyzed exploit summary: This exploit leverages a local privilege escalation vulnerability in Solaris 8/9's passwd command (CVE-2004-0360) using a ret-into-ld.so technique to bypass non-executable stack protections. It crafts a malicious environment variable and buffer to overwrite the return address, executing shellcode to gain root privileges.

Description

Unknown vulnerability in passwd(1) in Solaris 8.0 and 9.0 allows local users to gain privileges via unknown attack vectors.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Marco Ivaldi · c · local · solaris
https://www.exploit-db.com/exploits/715

Classification: Working PoC 95%
Attack Type: LPE
Complexity: Complex
Reliability: Reliable
Target: Solaris 8/9 passwd command
Auth required
Prerequisites: Local access to a vulnerable Solaris 8/9 system · Valid user password for the passwd command
devstral-2 · analyzed Feb 16, 2026

References (6)

Core References
Vendor Advisory vendor-advisory x_refsource_sunalert
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57454
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=107852274423414&w=2
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/15327
Third Party Advisory, US Government Resource third-party-advisory government-resource x_refsource_ciac
http://www.ciac.org/ciac/bulletins/o-088.shtml
Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/694782
Patch, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/9757

Scores

EPSS 0.0095
EPSS Percentile 56.7%

Details

Status published
Products (3)
sun/solaris 8.0
sun/solaris 9.0 (2 CPE variants)
sun/sunos 5.8
Published Nov 23, 2004
Tracked Since Feb 18, 2026