CVE-2008-4556

Sun Solaris 8 and 9 - Stack-Based Buffer Overflow in adm_build_path Function

Title source: llm

Exploitation Summary

EIP tracks 4 public exploits for CVE-2008-4556. PoCs were published by Metasploit, kingcope, and Adriano Lima, including the Metasploit module `exploits/solaris/sunrpc/sadmind_adm_build_path`.

AI-analyzed exploit summary: This exploit targets a buffer overflow vulnerability in the `adm_build_path()` function of the Solaris `sadmind` daemon (CVE-2008-4556). It uses a brute-force approach to bypass ASLR by targeting memory addresses in the `sadmind` process, delivering a payload to achieve remote code execution.

Description

Stack-based buffer overflow in the adm_build_path function in sadmind in Sun Solstice AdminSuite on Solaris 8 and 9 allows remote attackers to execute arbitrary code via a crafted request.

Exploits (4)

exploitdb · WORKING POC · VERIFIED
by Metasploit · ruby · remote · solaris
https://www.exploit-db.com/exploits/16325

This exploit targets a buffer overflow vulnerability in the `adm_build_path()` function of the Solaris `sadmind` daemon (CVE-2008-4556). It uses a brute-force approach to bypass ASLR by targeting memory addresses in the `sadmind` process, delivering a payload to achieve remote code execution.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Sun Solaris sadmind (Solaris 9 x86)
No auth needed
Prerequisites: Network access to the target's sadmind service (UDP port 100232) · Target running vulnerable Solaris 9 x86
devstral-2 · analyzed Feb 16, 2026

exploitdb · WORKING POC · VERIFIED
by kingcope · perl · remote · solaris
https://www.exploit-db.com/exploits/6786

This exploit targets a remote buffer overflow vulnerability in SunOS 5.9's sadmind service, allowing unauthenticated remote code execution. It uses a crafted RPC request to trigger the overflow and execute a bind shell on port 5555.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: SunOS 5.9 (Solaris 9) sadmind
No auth needed
Prerequisites: Network access to the target's sadmind service (UDP port 100069 or similar)
devstral-2 · analyzed Feb 16, 2026

exploitdb · WORKING POC · VERIFIED
by Adriano Lima · ruby · remote · solaris
https://www.exploit-db.com/exploits/9920

This exploit targets a buffer overflow vulnerability in the `adm_build_path()` function of the Solaris `sadmind` daemon (CVE-2008-4556). It uses a brute-force approach to bypass ASLR by targeting memory addresses in the `sadmind` process, delivering a payload via a maliciously crafted SunRPC request.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Sun Solaris sadmind (versions including Solaris 9 x86)
No auth needed
Prerequisites: Network access to the target's sadmind service (UDP port 100232) · Target running vulnerable Solaris version
devstral-2 · analyzed Feb 16, 2026

metasploit · WORKING POC · GREAT
by Ramon de C Valle · ruby · poc · solaris
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/solaris/sunrpc/sadmind_adm_build_path.rb

This Metasploit module exploits a buffer overflow in the `adm_build_path()` function of the Sun Solstice AdminSuite `sadmind` daemon (CVE-2008-4556). It targets Sun Solaris 9 x86 systems via a crafted SunRPC request to achieve remote code execution.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Sun Solstice AdminSuite sadmind daemon (Solaris 9 x86)
No auth needed
Prerequisites: Network access to UDP port 100232 (sadmind) · Vulnerable Solaris 9 x86 system
devstral-2 · analyzed Feb 16, 2026

References (15)

Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/2824
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/32283
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/45858
Vendor Advisory vendor-advisory x_refsource_sunalert
http://sunsolve.sun.com/search/document.do?assetkey=1-26-245806-1
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/6786
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5543
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1021059
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/31751
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/50019
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/4408
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/497311/100/0/threaded
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/32812
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/3230

Scores

EPSS 0.6986
EPSS Percentile 99.3%

Details

CWE: CWE-119
Status: published
Products (2)
sun/solaris 8 (2 CPE variants)
sun/solaris 9 (2 CPE variants)
Published Oct 14, 2008
Tracked Since Feb 18, 2026