CVE-2011-0902

Sun Microsystems SunScreen Firewall <5.9 - RCE

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2011-0902. PoCs published by kingcope.

AI-analyzed exploit summary: This exploit leverages environment variable manipulation (PATH) in the SunScreen Firewall's Java service to execute arbitrary code as root. It uploads a malicious 'cat' binary to a writable directory, which then spawns a root shell on port 1524/tcp via inetd.

Description

Multiple untrusted search path vulnerabilities in the Java Service in Sun Microsystems SunScreen Firewall on SunOS 5.9 allow local users to execute arbitrary code via a modified (1) PATH or (2) LD_LIBRARY_PATH environment variable.

Exploits (1)

exploitdb · WORKING POC
by kingcope · text · remote · multiple
https://www.exploit-db.com/exploits/16041

Classification: Working PoC (95%)
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Sun Microsystems SunScreen Firewall (SunOS 5.9)
No auth needed
Prerequisites: Ability to upload a file to the target system (e.g., via FTP, LPD, or other means) · Knowledge of a writable directory on the target system
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/16041
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/45963
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/64887

Scores

EPSS 0.0152
EPSS Percentile 71.2%

Details

Status published
Products (1)
oracle/sun_microsystems_sunscreen_firewall
Published Feb 07, 2011
Tracked Since Feb 18, 2026