CVE-2008-0964

OpenSolaris and Solaris 8-10 - Remote Code Execution via Crafted SMB Packet

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-0964. PoCs published by Andi.

AI-analyzed exploit summary This exploit targets a buffer overflow vulnerability in the Solaris snoop utility (CVE-2008-0964) to achieve remote code execution. It crafts a malicious SMB packet with a payload that overwrites the return address to execute arbitrary commands via system().

Description

Multiple stack-based buffer overflows in snoop on Sun Solaris 8 through 10 and OpenSolaris before snv_96, when the -o option is omitted, allow remote attackers to execute arbitrary code via a crafted SMB packet.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Andi · cremotesolaris
https://www.exploit-db.com/exploits/6328

This exploit targets a buffer overflow vulnerability in the Solaris snoop utility (CVE-2008-0964) to achieve remote code execution. It crafts a malicious SMB packet with a payload that overwrites the return address to execute arbitrary commands via system().

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Solaris snoop (SunOS 5.11 snv_86, SunOS 5.10 Generic_118833-33, and others)
No auth needed
Prerequisites: Network access to the target system · Snoop utility running on the target
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (12)

Core 12
Core References
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5318
Third Party Advisory third-party-advisory x_refsource_idefense
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=734
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/6328
Vendor Advisory vendor-advisory x_refsource_sunalert
http://sunsolve.sun.com/search/document.do?assetkey=1-26-240101-1
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1020633
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/2311
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/31535
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/31386
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/44222
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/30556

Scores

EPSS 0.1351
EPSS Percentile 96.0%

Details

CWE
CWE-119
Status published
Products (17)
sun/opensolaris (3 CPE variants)
sun/opensolaris build_snv_01
sun/opensolaris build_snv_02
sun/opensolaris build_snv_13
sun/opensolaris build_snv_19
sun/opensolaris build_snv_22
sun/opensolaris build_snv_64
sun/opensolaris build_snv_88
sun/opensolaris build_snv_89
sun/opensolaris build_snv_91
... and 7 more
Published Aug 08, 2008
Tracked Since Feb 18, 2026