CVE-2010-3503

Oracle Solaris 10/OpenSolaris - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-3503. PoCs published by prdelka.

AI-analyzed exploit summary The exploit triggers a NULL pointer dereference in Solaris 'su' by exhausting memory limits, causing malloc() to fail and leading to a segmentation fault when strcpy() is called with a NULL pointer. This is achieved by setting a large environment variable and restricting the data segment size.

Description

Unspecified vulnerability in Oracle Solaris 10 and OpenSolaris allows local users to affect confidentiality and integrity via unknown vectors related to su.

Exploits (1)

exploitdb WORKING POC VERIFIED

by prdelka · textdossolaris

https://www.exploit-db.com/exploits/15245

View Code ZIP pw:eip

The exploit triggers a NULL pointer dereference in Solaris 'su' by exhausting memory limits, causing malloc() to fail and leading to a segmentation fault when strcpy() is called with a NULL pointer. This is achieved by setting a large environment variable and restricting the data segment size.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Moderate

Reliability

Reliable

Target: Solaris su (SunOS 5.11 and earlier)

Auth required

Prerequisites: Local user access · Ability to execute 'su' command

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Vendor Advisory x_refsource_confirm

http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html

US Government Resource third-party-advisory x_refsource_cert

http://www.us-cert.gov/cas/techalerts/TA10-287A.html

Scores

EPSS 0.0079

EPSS Percentile 51.4%

Details

Status published

Products (2)

oracle/opensolaris

oracle/solaris 10

Published Oct 14, 2010

Tracked Since Feb 18, 2026