Solaris@2.6 Security Vulnerabilities and Issues — Solaris@2.6 CVE List

Lucene search

SunSolaris2.6

128 matches found

CVE•added 2002/03/09 5:0 a.m.•6366 views

CVE-2001-0554

Buffer overflow in BSD-based telnetd telnet daemon on various operating systems allows remote attackers to execute arbitrary commands via a set of options including AYT (Are You There), which is not properly handled by the telrcv function.

10CVSS7.4AI score0.27436EPSS

CVE•added 2000/02/04 5:0 a.m.•423 views

CVE-1999-0502

A Unix account has a default, null, blank, or missing password.

7.5CVSS6.4AI score0.35822EPSS

CVE•added 1999/09/29 4:0 a.m.•370 views

CVE-1999-0024

DNS cache poisoning via BIND, by predictable query IDs.

5CVSS6.7AI score0.01325EPSS

CVE•added 2002/06/25 4:0 a.m.•153 views

CVE-2001-0797

Buffer overflow in login in various System V based operating systems allows remote attackers to execute arbitrary commands via a large number of arguments through services such as telnet and rlogin.

10CVSS7.4AI score0.88625EPSS

CVE•added 1999/09/29 4:0 a.m.•147 views

CVE-1999-0513

ICMP messages to broadcast addresses are allowed, allowing for a Smurf attack that can cause a denial of service.

5CVSS7.3AI score0.25583EPSS

CVE•added 2000/02/04 5:0 a.m.•131 views

CVE-1999-0186

In Solaris, an SNMP subagent has a default community string that allows remote attackers to execute arbitrary commands as root, or modify system parameters.

10CVSS7.8AI score0.03783EPSS

CVE•added 2003/04/02 5:0 a.m.•119 views

CVE-2002-0573

Format string vulnerability in RPC wall daemon (rpc.rwalld) for Solaris 2.5.1 through 8 allows remote attackers to execute arbitrary code via format strings in a message that is not properly provided to the syslog function when the wall command cannot be executed.

7.5CVSS7.6AI score0.47418EPSS

CVE•added 2003/05/05 4:0 a.m.•118 views

CVE-2003-0201

Buffer overflow in the call_trans2open function in trans2.c for Samba 2.2.x before 2.2.8a, 2.0.10 and earlier 2.0.x versions, and Samba-TNG before 0.3.2, allows remote attackers to execute arbitrary code.

10CVSS7.3AI score0.76919EPSS

CVE•added 1999/09/29 4:0 a.m.•112 views

CVE-1999-0003

Execute commands as root via buffer overflow in Tooltalk database server (rpc.ttdbserverd).

10CVSS7.5AI score0.90339EPSS

CVE•added 1999/09/29 4:0 a.m.•102 views

CVE-1999-0097

The AIX FTP client can be forced to execute commands from a malicious server through shell metacharacters (e.g. a pipe character).

10CVSS7.2AI score0.01076EPSS

CVE•added 2005/02/08 5:0 a.m.•98 views

CVE-2003-1063

The patches (1) 105693-13, (2) 108800-02, (3) 105694-13, and (4) 108801-02 for cachefs on Solaris 2.6 and 7 overwrite the inetd.conf file, which may silently reenable services and allow remote attackers to bypass the intended security policy.

7.5CVSS6.8AI score0.00428EPSS

CVE•added 2003/04/02 5:0 a.m.•93 views

CVE-2003-0161

The prescan() function in the address parser (parseaddr.c) in Sendmail before 8.12.9 does not properly handle certain conversions from char and int types, which can cause a length check to be disabled when Sendmail misinterprets an input value as a special "NOCHAR" control value, allowing attackers...

10CVSS7.6AI score0.71952EPSS

CVE•added 2003/10/06 4:0 a.m.•92 views

CVE-2003-0694

The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks, as demonstrated using the parseaddr function in parseaddr.c.

10CVSS7.7AI score0.7608EPSS

CVE•added 2003/03/25 5:0 a.m.•89 views

CVE-2003-0028

Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived from SunRPC, including libnsl, libc, glibc, and dietlibc, allows remote attackers to execute arbitrary code via certain integer values in length fields, a differ...

7.5CVSS9.8AI score0.56051EPSS

CVE•added 2001/01/22 5:0 a.m.•86 views

CVE-2000-0844

Some functions that implement the locale subsystem on Unix do not properly cleanse user-injected format strings, which allows local attackers to execute arbitrary commands via functions such as gettext and catopen.

10CVSS7.7AI score0.00891EPSS

CVE•added 2004/09/01 4:0 a.m.•84 views

CVE-2002-1317

Buffer overflow in Dispatch() routine for XFS font server (fs.auto) on Solaris 2.5.1 through 9 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a certain XFS query.

7.5CVSS8AI score0.42484EPSS

CVE•added 2003/04/02 5:0 a.m.•81 views

CVE-2002-0391

Integer overflow in xdr_array function in RPC servers for operating systems that use libc, glibc, or other code based on SunRPC including dietlibc, allows remote attackers to execute arbitrary code by passing a large number of arguments to xdr_array through RPC services such as rpc.cmsd and dmispd.

10CVSS9.9AI score0.0457EPSS

CVE•added 1999/09/29 4:0 a.m.•79 views

CVE-1999-0008

Buffer overflow in NIS+, in Sun's rpc.nisd program.

10CVSS7AI score0.03952EPSS

CVE•added 2000/02/04 5:0 a.m.•77 views

CVE-1999-0254

A hidden SNMP community string in HP OpenView allows remote attackers to modify MIB tables and obtain sensitive information.

10CVSS6.6AI score0.00902EPSS

CVE•added 1999/09/29 4:0 a.m.•76 views

CVE-1999-0009

Inverse query buffer overflow in BIND 4.9 and BIND 8 Releases.

10CVSS7.3AI score0.8048EPSS

CVE•added 2002/03/09 5:0 a.m.•74 views

CVE-2001-0236

Buffer overflow in Solaris snmpXdmid SNMP to DMI mapper daemon allows remote attackers to execute arbitrary commands via a long "indication" event.

10CVSS7.5AI score0.77743EPSS

CVE•added 2003/05/05 4:0 a.m.•74 views

CVE-2003-0196

Multiple buffer overflows in Samba before 2.2.8a may allow remote attackers to execute arbitrary code or cause a denial of service, as discovered by the Samba team and a different vulnerability than CVE-2003-0201.

10CVSS7.6AI score0.76919EPSS

CVE•added 2002/07/23 4:0 a.m.•68 views

CVE-2002-0677

CDE ToolTalk database server (ttdbserver) allows remote attackers to overwrite arbitrary memory locations with a zero, and possibly gain privileges, via a file descriptor argument in an AUTH_UNIX procedure call, which is used as a table index by the _TT_ISCLOSE procedure.

7.5CVSS6.8AI score0.19026EPSS

CVE•added 2000/01/04 5:0 a.m.•63 views

CVE-1999-0977

Buffer overflow in Solaris sadmind allows remote attackers to gain root privileges using a NETMGT_PROC_SERVICE request.

10CVSS7.2AI score0.05886EPSS

CVE•added 1999/09/29 4:0 a.m.•62 views

CVE-1999-0054

Sun's ftpd daemon can be subjected to a denial of service.

5CVSS7.3AI score0.00562EPSS

CVE•added 2005/06/21 4:0 a.m.•62 views

CVE-2001-1503

The finger daemon (in.fingerd) in Sun Solaris 2.5 through 8 and SunOS 5.5 through 5.8 allows remote attackers to list all accounts on a host by typing finger 'a b c d e f g h'@host.

2.1CVSS6.5AI score0.00215EPSS

CVE•added 2004/09/01 4:0 a.m.•62 views

CVE-2002-0158

Buffer overflow in Xsun on Solaris 2.6 through 8 allows local users to gain root privileges via a long -co (color database) command line argument.

7.2CVSS6.9AI score0.00178EPSS

CVE•added 2001/09/18 4:0 a.m.•61 views

CVE-2001-0353

Buffer overflow in the line printer daemon (in.lpd) for Solaris 8 and earlier allows local and remote attackers to gain root privileges via a "transfer job" routine.

10CVSS7AI score0.01477EPSS

CVE•added 2002/03/15 5:0 a.m.•61 views

CVE-2002-0089

Buffer overflow in admintool in Solaris 2.5 through 8 allows local users to gain root privileges via long arguments to (1) the -d command line option, or (2) the PRODVERS argument in the .cdtoc file.

7.2CVSS6.9AI score0.00077EPSS

CVE•added 2003/04/02 5:0 a.m.•61 views

CVE-2002-0678

CDE ToolTalk database server (ttdbserver) allows local users to overwrite arbitrary files via a symlink attack on the transaction log file used by the _TT_TRANSACTION RPC procedure.

7.2CVSS6.2AI score0.0043EPSS

CVE•added 2005/02/08 5:0 a.m.•60 views

CVE-2001-1414

The Basic Security Module (BSM) for Solaris 2.5.1, 2.6, 7, and 8 does not log anonymous FTP access, which allows remote attackers to hide their activities, possibly when certain BSM audit files are not present under the FTP root.

7.5CVSS7.2AI score0.00717EPSS

CVE•added 1999/09/29 4:0 a.m.•57 views

CVE-1999-0125

Buffer overflow in SGI IRIX mailx program.

4.6CVSS7.7AI score0.00634EPSS

CVE•added 1999/09/29 4:0 a.m.•56 views

CVE-1999-0055

Buffer overflows in Sun libnsl allow root access.

7.2CVSS7.5AI score0.0008EPSS

CVE•added 2000/06/02 4:0 a.m.•56 views

CVE-1999-0493

rpc.statd allows remote attackers to forward RPC calls to the local operating system via the SM_MON and SM_NOTIFY commands, which in turn could be used to remotely exploit other bugs such as in automountd.

7.5CVSS6.7AI score0.06771EPSS

CVE•added 2002/03/09 5:0 a.m.•56 views

CVE-2001-0779

Buffer overflow in rpc.yppasswdd (yppasswd server) in Solaris 2.6, 7 and 8 allows remote attackers to gain root access via a long username.

10CVSS7AI score0.8072EPSS

CVE•added 2003/04/02 5:0 a.m.•56 views

CVE-2002-0033

Heap-based buffer overflow in cfsd_calloc function of Solaris cachefsd allows remote attackers to execute arbitrary code via a request with a long directory and cache name.

10CVSS7.9AI score0.55469EPSS

CVE•added 2000/06/02 4:0 a.m.•55 views

CVE-1999-0696

Buffer overflow in CDE Calendar Manager Service Daemon (rpc.cmsd).

10CVSS6.9AI score0.05576EPSS

CVE•added 2000/01/04 5:0 a.m.•54 views

CVE-1999-0687

The ToolTalk ttsession daemon uses weak RPC authentication, which allows a remote attacker to execute commands.

7.5CVSS7.3AI score0.07295EPSS

CVE•added 2000/02/04 5:0 a.m.•54 views

CVE-1999-0767

Buffer overflow in Solaris libc, ufsrestore, and rcp via LC_MESSAGES environmental variable.

7.2CVSS7.3AI score0.00626EPSS

CVE•added 2005/02/08 5:0 a.m.•54 views

CVE-2003-1068

Buffer overflow in utmp_update for Solaris 2.6 through 9 allows local users to gain root privileges, as identified by Sun BugID 4659277, a different vulnerability than CVE-2003-1082.

7.2CVSS6.8AI score0.00144EPSS

CVE•added 1999/09/29 4:0 a.m.•53 views

CVE-1999-0302

SunOS/Solaris FTP clients can be forced to execute arbitrary commands from a malicious FTP server.

7.5CVSS8.2AI score0.00639EPSS

CVE•added 2002/03/15 5:0 a.m.•53 views

CVE-2002-0084

Buffer overflow in the fscache_setup function of cachefsd in Solaris 2.6, 7, and 8 allows local users to gain root privileges via a long mount argument.

7.2CVSS6.5AI score0.03227EPSS

CVE•added 2004/09/01 4:0 a.m.•53 views

CVE-2003-0064

The dtterm terminal emulator allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary...

7.5CVSS7.2AI score0.00871EPSS

CVE•added 2000/10/13 4:0 a.m.•52 views

CVE-2000-0471

Buffer overflow in ufsrestore in Solaris 8 and earlier allows local users to gain root privileges via a long pathname.

7.2CVSS6.8AI score0.00344EPSS

CVE•added 2001/07/02 4:0 a.m.•52 views

CVE-2001-0426

Buffer overflow in dtsession on Solaris, and possibly other operating systems, allows local users to gain privileges via a long LANG environmental variable.

7.2CVSS7.3AI score0.00126EPSS

CVE•added 2005/02/08 5:0 a.m.•52 views

CVE-2003-1073

A race condition in the at command for Solaris 2.6 through 9 allows local users to delete arbitrary files via the -r argument with .. (dot dot) sequences in the job name, then modifying the directory structure after at checks permissions to delete the file and before the deletion actually takes pla...

1.2CVSS6.6AI score0.00165EPSS

CVE•added 1999/09/29 4:0 a.m.•51 views

CVE-1999-0065

Multiple buffer overflows in how dtmail handles attachments allows a remote attacker to execute commands.

7.5CVSS7.9AI score0.01279EPSS

CVE•added 1999/09/29 4:0 a.m.•51 views

CVE-1999-0188

The passwd command in Solaris can be subjected to a denial of service.

7.2CVSS7.3AI score0.00067EPSS

CVE•added 1999/09/29 4:0 a.m.•51 views

CVE-1999-0315

Buffer overflow in Solaris fdformat command gives root access to local users.