CVE-2002-0033
Description
Heap-based buffer overflow in cfsd_calloc function of Solaris cachefsd allows remote attackers to execute arbitrary code via a request with a long directory and cache name.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
- cpe:2.3:o:sun:solaris:2.5.1:*:sparc:*:*:*:*:*
- cpe:2.3:o:sun:solaris:2.5.1:*:x86:*:*:*:*:*
- cpe:2.3:o:sun:solaris:2.6:*:sparc:*:*:*:*:*
- cpe:2.3:o:sun:solaris:7.0:*:sparc:*:*:*:*:*
- cpe:2.3:o:sun:solaris:7.0:*:x86:*:*:*:*:*
- cpe:2.3:o:sun:solaris:8.0:*:sparc:*:*:*:*:*
- cpe:2.3:o:sun:solaris:8.0:*:x86:*:*:*:*:*
- (no CPE)
- cpe:2.3:o:sun:sunos:-:*:*:*:*:*:*:*
Patches
Vulnerability mechanics
Root cause
"The cfsd_calloc function in Solaris cachefsd does not properly validate the length of directory and cache names, leading to a heap-based buffer overflow."
Attack vector
A remote attacker can trigger this vulnerability by sending a crafted request to the cachefsd service with a directory and cache name that are excessively long. This causes a heap-based buffer overflow in the cfsd_calloc function. Successful exploitation can overwrite heap metadata and potentially lead to arbitrary code execution with root privileges on the affected system [ref_id=1].
Affected code
The vulnerability lies within the cfsd_calloc function in the cachefsd service. The exploit code targets the RPC call for CACHEFS_MOUNTED, specifically manipulating the directory and cache name parameters passed to the service [ref_id=1].
What the fix does
The provided bundle does not contain information about a patch or specific remediation steps. However, the advisory indicates that the vulnerability is in the cfsd_calloc function of cachefsd. Users should consult vendor advisories for the latest information on patches or workarounds.
Preconditions
- network: The target system must be running a vulnerable version of Solaris with cachefsd enabled and accessible over the network.
- input: The attacker must be able to send a request with a long directory and cache name to the cachefsd service.
Generated on Jun 4, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
- sunsolve.sun.com/pub-cgi/retrieve.pl (nvd: Patch, Vendor Advisory)
- www.cert.org/advisories/CA-2002-11.html (nvd: Patch, Third Party Advisory, US Government Resource)
- archives.neohapsis.com/archives/bugtraq/2002-05/0026.html (nvd: Vendor Advisory)
- www.kb.cert.org/vuls/id/635811 (nvd: US Government Resource)
- www.iss.net/security_center/static/8999.php (nvd)
- www.securityfocus.com/bid/4674 (nvd)
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A124 (nvd)
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A31 (nvd)