CVE-2005-2071

SUN Solaris - Access Control

Title source: rule

Description

traceroute in Sun Solaris 10 on x86 systems allows local users to execute arbitrary code with PRIV_NET_RAWACCESS privileges via (1) a large number of -g arguments or (2) a malformed -s argument with a trailing . (dot).

Exploits (1)

exploitdb WORKING POC VERIFIED

by Przemyslaw Frasunek · perllocalsolaris

https://www.exploit-db.com/exploits/25896

View Code ZIP pw:eip

References (8)

[Mailing List] http://marc.info/?l=bugtraq&m=111964580023012&w=2

[Mailing List] http://marc.info/?l=bugtraq&m=111963068714114&w=2

[Mailing List] http://marc.info/?l=bugtraq&m=111963809801731&w=2

[Vendor Advisory] http://sunsolve.sun.com/search/document.do?assetkey=1-26-102060-1

[Third Party Advisory, VDB Entry] http://securitytracker.com/id?1015261

[Vendor Advisory] http://www.vupen.com/english/advisories/2005/2564

[Exploit] http://www.securityfocus.com/bid/14049

[Vendor Advisory] http://secunia.com/advisories/17708

Scores

EPSS 0.0022

EPSS Percentile 44.4%

Details

CWE

CWE-264

Status published

Products (1)

sun/solaris 10.0

Published Jun 29, 2005

Tracked Since Feb 18, 2026