20 matches found
EUVD-2001-0638
Malware in sbrugna...
CVE-2003-1576
Buffer overflow in pamverifier in Change Manager (CM) 1.0 for Sun Management Center (SunMC) 3.0 on Solaris 8 and 9 on the sparc platform allows remote attackers to execute arbitrary code via unspecified vectors...
CVE-2018-2754
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: ZVNET Driver). The supported version that is affected is 11.3. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Solaris executes to compromise Solaris...
Oracle Solaris Third-Party Patch Update : wireshark (multiple_vulnerabilities_in_wireshark10)
The remote Solaris system is missing necessary patches to address security updates : - The nfs_name_snoop_add_name function in epan/dissectors/packet-nfs.c in the NFS dissector in Wireshark 1.8.x before 1.8.13 and 1.10.x before 1.10.6 does not validate a certain length value, which allows remote...
Oracle Solaris Third-Party Patch Update : jinja2 (multiple_vulnerabilities_in_jinja2)
The remote Solaris system is missing necessary patches to address security updates : - FileSystemBytecodeCache in Jinja2 2.7.2 does not properly create temporary directories, which allows local users to gain privileges by pre-creating a temporary directory with a user's uid. NOTE: this...
Oracle Solaris Third-Party Patch Update : openssl (cve_2014_3505_denial_of)
The remote Solaris system is missing necessary patches to address security updates : - Double free vulnerability in d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (application...
Sun Update Manager /tmp Clobber
author http://packetstormsecurity.org/user/lcashdol/ Noticed this during routine patching. /tmp file clobbering vulnerability in Sun Update manager. 7/15/2012 noticed this while patching my lab solaris system tonight. larry@s0l4r1s:/tmp$ ln -s /etc/shadow com.sun.swup.client.LOCK updatemanager is...
Solaris Gather Dump Password Hashes for Solaris Systems
Post module to dump the password hashes for all users on a Solaris System This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Solaris Gather Dump Password Hashes for Solaris Systems', 'Description'...
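Sun Java Runtime Environment XML Parsing Denial of Service Vulnerability
BUGTRAQ ID: 35958 CVE(CAN) ID: CVE-2009-2625 The Java Runtime Environment (JRE) on Solaris provides a reliable runtime environment for Java applications. When parsing XML elements that contain unexpected byte values and recursive parentheses, the JRE may access memory out of bounds or enter an infinite loop. An attacker can exploit this vulnerability by tricking a user into opening a specially crafted file or by submitting malicious XML content to a server, resulting in a denial of service. Sun JDK 6 Sun JDK 5.0 Sun JRE 6 Sun JRE 5.0 Vendor patch: RedHat ------ RedHat has released a security advisory (RHSA-2009:1199-01) and corresponding patches for this:...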
KAME Racoon - 'Initial Contact' SA Deletion
// source: https://www.securityfocus.com/bid/9417/info It has been reported that it may be possible for attackers to remotely delete security associations (SAs) in hosts running the KAME IKE daemon Racoon. / Sun Microsystems Solaris sysinfo Kernel Memory Disclosure exploit...
CVE-2001-0652
Heap overflow in xlock in Solaris 2.6 through 8 allows local users to gain root privileges via a long (1) XFILESEARCHPATH or (2) XUSERFILESEARCHPATH environmental variable...
Solaris 2789 cachefsd - Remote Heap Overflow
// source: https://www.securityfocus.com/bid/4674/info A remotely exploitable buffer overflow condition has been reported in cachefsd. The overflow occurs in the heap and is reportedly exploitable as valid malloc chunk structures are overwritten...
top format string bug exploit code (exploitable)
hi. It still seems to be affected under 3.5beta9 including this version someone said it's not the problem of exploitable vulnerability about 8 month ago , but it's possible to exploit though situation is difficult. following code and some procedure comments demonstrate it. possible to get kmem...
Format string bug in at from Solaris (NLS format string)
Format string error when handling NLS...
CVE-2000-1143
Recourse ManTrap 1.6 hides the first 4 processes that run on a Solaris system, which allows attackers to determine that they are in a honeypot system...
CVE-1999-0966
Buffer overflow in Solaris getopt in libc allows local users to gain root privileges via a long argv[0]...
netscape.directory.server.4.txt
Date: Mon, 03 May 1999 08:45:25 -0400 From: "Bobby, Paul" To: "'[email protected]'" Subject: bug/Netscape-DirectoryServer4 After installing Netscape's Directory Server 4 for Solaris, one of the final options is to remove a file called 'install.inf' which the install process claims coul...
solaris-lpstat-bof.txt
Date: Wed, 27 Jan 1999 16:53:51 +0100 From: Anthony C . Zboralski To: [email protected] Subject: HERT Advisory 001 Buffer overflow in Solaris /usr/bin/lpstat -----BEGIN PGP SIGNED MESSAGE----- - ------------------------------------------------------------- HERT - Hacker Emergency Response Team...
Microsoft Windows 98a/98b/98SE / Solaris 2.6 - IRDP
source: https://www.securityfocus.com/bid/578/info This discussion is verbatim from the LHI Advisory referenced in the "Reference Section" of this vulnerability entry with very few changes. The ICMP Router Discovery Protocol (IRDP) comes enabled by default on DHCP clients that are running Microsoft...
Solaris 2.5.1 - 'ffbconfig' Local Privilege Escalation
/ source: https://www.securityfocus.com/bid/202/info The ffbconfig program is used to configure the Creator Fast Frame Buffer (FFB) Graphics Accelerator, which is a component of the FFB Configuration Software Package (SUNWffbcf). A buffer overflow condition has been discovered that may allow an...