Vendor: Solaris
By: warning3@nsfocus.com
CVSS: 7.5 (HIGH)
Format String Vulnerability
CWE: 134
Product Name: Solaris
Affected Version From: Solaris 2.6
Affected Version To: Solaris 7.0
Patch Exists: YES
Related CWE: N/A
CPE: Solaris
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Solaris
2000

Exploit for Locale Subsystem Format Strings Bug In Solaris with Noexec Stack

This exploit targets the format string bug in the Solaris locale subsystem on systems with a noexec stack. It was tested on Solaris 2.6/7.0 and can be adjusted by changing the retloc offset. The exploit is written in C and uses ldd, sed, gcc, and systeminfo.h. It uses a fake frame to bypass the noexec stack and then executes a shell.

Mitigation:

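Ensure that the noexec stack is enabled and that all programs are up to date. Because this exploit uses a fake frame to bypass the noexec stack, that setting alone does not stop it; a patch exists and should be applied.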
Source

Exploit-DB raw data: