CVE-2005-2071

Solaris 10 - Local Privilege Escalation via Traceroute Argument Handling

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-2071. PoCs published by Przemyslaw Frasunek.

AI-analyzed exploit summary This exploit targets a local buffer overflow vulnerability in Sun Solaris traceroute (CVE-2005-2071) by supplying excessive data through command line arguments. It attempts to execute shellcode via a crafted payload passed to the '-g' option.

Description

traceroute in Sun Solaris 10 on x86 systems allows local users to execute arbitrary code with PRIV_NET_RAWACCESS privileges via (1) a large number of -g arguments or (2) a malformed -s argument with a trailing . (dot).

Exploits (1)

exploitdb WORKING POC VERIFIED

by Przemyslaw Frasunek · perllocalsolaris

https://www.exploit-db.com/exploits/25896

View Code ZIP pw:eip

This exploit targets a local buffer overflow vulnerability in Sun Solaris traceroute (CVE-2005-2071) by supplying excessive data through command line arguments. It attempts to execute shellcode via a crafted payload passed to the '-g' option.

Classification

Working Poc 90%

Attack Type

Lpe

Complexity

Moderate

Reliability

Racy

Target: Sun Solaris traceroute (Solaris 10, x86 platform)

No auth needed

Prerequisites: Local access to the target system · Presence of vulnerable traceroute binary

MITRE ATT&CK