81 matches found
CVE-2001-1555
pt_chmod in Solaris 8 does not call fdetach to reset terminal privileges when users log out of terminals, which allows local users to write to other users' terminals by modifying the ACL of a TTY.
CVE-2002-1586
Solaris 2.5.1 through 9 allows local users to cause a denial of service (kernel panic) by setting the sd_struiowrq variable in the struioget function to null, which triggers a null dereference.
CVE-2002-2197
Unknown vulnerability in Sun Solaris 8.0 allows local users to cause a denial of service (kernel panic) via a program that uses /dev/poll, triggering a NULL pointer dereference.
CVE-2003-1070
Unknown vulnerability in rpcbind for Solaris 2.6 through 9 allows remote attackers to cause a denial of service (rpcbind crash).
CVE-2003-1072
Memory leak in lofiadm in Solaris 8 allows local users to cause a denial of service (kernel memory consumption).
CVE-2004-1348
Unknown vulnerability in in.named on Solaris 8 allows remote attackers to cause a denial of service (process crash).
CVE-2004-1393
Unknown vulnerability in the tcsetattr function for Sun Solaris for SPARC 2.6, 7, and 8 allows local users to cause a denial of service (system hang).
CVE-2005-1124
Unknown vulnerability in the libgss Generic Security Services Library in Solaris 7, 8, and 9 allows local users to gain privileges by loading their own GSS-API.
CVE-2002-2203
Unknown vulnerability in the System Serial Console terminal in Solaris 2.5.1, 2.6, and 7 allows local users to monitor keystrokes and possibly steal sensitive information.
CVE-2004-2306
Sun Solaris 7 through 9, when Basic Security Module (BSM) is enabled and the SUNWscpu package has been removed as a result of security hardening, disables mail alerts from the audit_warn script, which might allow attackers to escape detection.
CVE-2005-0248
The Solaris Management Console (SMC) GUI for Solaris 8 and 9, when creating user accounts that are configured for password aging, creates the accounts with a blank password, which allows remote or local attackers to break into those accounts.
CVE-2005-3071
Unspecified vulnerability in Unix File System (UFS) on Solaris 8 and 9, when logging is enabled, allows local users to cause a denial of service ("soft hang") via certain write operations to UFS.
CVE-2002-1589
Unknown vulnerability in Solaris 8, when the 0x02 bit (aka TEST, KMF_DEADBEEF, or deadbeef) is set in the kmem_flags kernel parameter, allows local users to cause a denial of service (system panic).
CVE-2002-1590
The Web-Based Enterprise Management (WBEM) packages (1) SUNWwbdoc, (2) SUNWwbcou, (3) SUNWwbdev and (4) SUNWmgapp packages, when installed using Solaris 8 Update 1/01 or later, install files with world or group write permissions, which allows local users to gain root privileges or cause a denial of...
CVE-2002-2089
Buffer overflow in rcp in Solaris 9.0 allows local users to execute arbitrary code via a long command line argument.
CVE-2003-1059
Unknown vulnerability in the libraries for the PGX32 frame buffer in Solaris 2.5.1 and 2.6 through 9 allows local users to gain root access.
CVE-2003-1079
Unknown vulnerability in UDP RPC for Solaris 2.5.1 through 9 for SPARC, and 2.5.1 through 8 for x86, allows remote attackers to cause a denial of service (memory consumption) via certain arguments in RPC calls that cause large amounts of memory to be allocated.
CVE-2005-3001
Unspecified vulnerability in the "tl" driver in Solaris 10 allows local users to cause a denial of service (panic) via unknown vectors.
CVE-2003-1077
Unknown vulnerability in UFS for Solaris 9 for SPARC, with logging enabled, allows local users to cause a denial of service (UFS file system hang).
CVE-2004-1353
Unknown vulnerability in LDAP on Sun Solaris 8 and 9, when using Role Based Access Control (RBAC), allows local users to execute certain commands with additional privileges.
CVE-2004-1358
The patches (1) 114332-08 and (2) 114929-06 for Sun Solaris 9 disable the auditing functionality of the Basic Security Module (BSM), which allows attackers to avoid having their activity logged.
CVE-2004-1394
The pfexec function for Sun Solaris 8 and 9 does not properly handle when a custom profile contains an invalid entry in the exec_attr database, which may allow local users with custom rights profiles to execute profile commands with additional privileges.
CVE-2005-2870
Unknown vulnerability in the net-svc script on Solaris 10 allows remote authenticated users to execute arbitrary code on a DHCP client via certain DHCP responses.
CVE-2003-1056
The ed editor for Sun Solaris 2.6, 7, and 8 allows local users to create or overwrite arbitrary files via a symlink attack on temporary files.
CVE-2003-1067
Multiple buffer overflows in the (1) dbm_open function, as used in ndbm and dbm, and the (2) dbminit function in Solaris 2.6 through 9 allow local users to gain root privileges via long arguments to Xsun or other programs that use these functions.
CVE-2003-1074
Unknown vulnerability in newtask for Solaris 9 allows local users to gain root privileges.
CVE-2003-1076
Unknown vulnerability in sendmail for Solaris 7, 8, and 9 allows local users to cause a denial of service (unknown impact) and possibly gain privileges via certain constructs in a .forward file.
CVE-2005-0816
Buffer overflow in newgrp in Solaris 7 through 9 allows local users to gain root privileges.
CVE-2003-1075
Unknown vulnerability in the FTP server (in.ftpd) for Solaris 2.6 through 9 allows remote attackers to cause a denial of service (temporary FTP server hang), which affects other active mode FTP clients.
CVE-2004-1356
Unknown vulnerability in the sendfilev function in Sun Solaris 8 and 9 allows local users to cause a denial of service (system panic) via unknown vectors.
CVE-2005-4133
Sun Update Connection in Sun Solaris 10, when configured to use a web proxy, allows local users to obtain the proxy authentication password via (1) an unspecified vector and (2) proxy log files.