Vulnerabilities > CVE-2001-0652 - Heap Overflow vulnerability in Solaris xlock
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Heap overflow in xlock in Solaris 2.6 through 8 allows local users to gain root privileges via a long (1) XFILESEARCHPATH or (2) XUSERFILESEARCHPATH environmental variable.
Vulnerable Configurations
Exploit-Db
description Solaris 8 x86 xlock Heap Overflow Vulnerability. CVE-2001-0652. Local exploit for solaris platform id EDB-ID:21059 last seen 2016-02-02 modified 2001-08-10 published 2001-08-10 reporter Nsfocus source https://www.exploit-db.com/download/21059/ title Solaris 8 x86 xlock Heap Overflow Vulnerability description Solaris 2.6/7/8 SPARC xlock Heap Overflow Vulnerability. CVE-2001-0652. Local exploit for solaris platform id EDB-ID:21058 last seen 2016-02-02 modified 2001-08-10 published 2001-08-10 reporter Nsfocus source https://www.exploit-db.com/download/21058/ title Solaris 2.6/7/8 SPARC xlock Heap Overflow Vulnerability
Oval
accepted 2018-09-11T10:00:00.000-05:00 class vulnerability contributors name David Proulx organization The MITRE Corporation description Heap overflow in xlock in Solaris 2.6 through 8 allows local users to gain root privileges via a long (1) XFILESEARCHPATH or (2) XUSERFILESEARCHPATH environmental variable. family unix id oval:org.mitre.oval:def:10 status accepted submitted 2002-09-17T12:00:00.000-04:00 title Heap Overflow in Solaris 8 xlock version 35 accepted 2016-02-08T10:00:00.000-05:00 class vulnerability contributors name David Proulx organization The MITRE Corporation description Heap overflow in xlock in Solaris 2.6 through 8 allows local users to gain root privileges via a long (1) XFILESEARCHPATH or (2) XUSERFILESEARCHPATH environmental variable. family unix id oval:org.mitre.oval:def:131 status accepted submitted 2002-10-17T12:00:00.000-04:00 title Heap Overflow in Solaris 7 xlock version 35
References
- http://marc.info/?l=bugtraq&m=99745571104126&w=2
- http://www.securityfocus.com/bid/3160
- https://exchange.xforce.ibmcloud.com/vulnerabilities/6967
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A131