Solaris@2.6 Security Vulnerabilities and Issues — Page 2 of Solaris@2.6 CVE List

Lucene search

SunSolaris2.6

128 matches found

CVE•added 2000/02/04 5:0 a.m.•50 views

CVE-1999-0213

libnsl in Solaris allowed an attacker to perform a denial of service of rpcbind.

10CVSS7.2AI score0.00483EPSS

CVE•added 2000/01/18 5:0 a.m.•50 views

CVE-1999-0875

DHCP clients with ICMP Router Discovery Protocol (IRDP) enabled allow remote attackers to modify their default routes.

7.5CVSS7.1AI score0.22421EPSS

CVE•added 2000/05/18 4:0 a.m.•50 views

CVE-2000-0317

Buffer overflow in Solaris 7 lpset allows local users to gain root privileges via a long -r option.

7.2CVSS7.2AI score0.0011EPSS

CVE•added 2001/05/07 4:0 a.m.•50 views

CVE-2001-0190

Buffer overflow in /usr/bin/cu in Solaris 2.8 and earlier, and possibly other operating systems, allows local users to gain privileges by executing cu with a long program name (arg0).

7.2CVSS6.9AI score0.00068EPSS

CVE•added 2003/04/02 5:0 a.m.•50 views

CVE-2002-0679

Buffer overflow in Common Desktop Environment (CDE) ToolTalk RPC database server (rpc.ttdbserverd) allows remote attackers to execute arbitrary code via an argument to the _TT_CREATE_FILE procedure.

10CVSS7.9AI score0.70866EPSS

CVE•added 2005/02/08 5:0 a.m.•50 views

CVE-2002-1584

Unknown vulnerability in the AUTH_DES authentication for RPC in Solaris 2.5.1, 2.6, and 7, SGI IRIX 6.5 to 6.5.19f, and possibly other platforms, allows remote attackers to gain privileges.

10CVSS7.7AI score0.05257EPSS

CVE•added 2005/06/28 4:0 a.m.•50 views

CVE-2002-1980

Buffer overflow in Volume Manager daemon (vold) of Sun Solaris 2.5.1 through 8 allows local users to execute arbitrary code via unknown attack vectors.

7.2CVSS7.8AI score0.0006EPSS

CVE•added 2005/02/08 5:0 a.m.•50 views

CVE-2003-1078

The FTP client for Solaris 2.6, 7, and 8 with the debug (-d) flag enabled displays the user password on the screen during login.

7.5CVSS7.2AI score0.00602EPSS

CVE•added 2005/02/08 5:0 a.m.•49 views

CVE-2003-1071

rpc.walld (wall daemon) for Solaris 2.6 through 9 allows local users to send messages to logged on users that appear to come from arbitrary user IDs by closing stderr before executing wall, then supplying a spoofed from header.

2.1CVSS6.8AI score0.00322EPSS

CVE•added 1999/09/29 4:0 a.m.•48 views

CVE-1999-0442

Solaris ff.core allows local users to modify files.

2.1CVSS6.7AI score0.00154EPSS

CVE•added 2000/01/04 5:0 a.m.•48 views

CVE-1999-0674

The BSD profil system call allows a local user to modify the internal data space of a program via profiling and execve.

7.2CVSS6.7AI score0.00123EPSS

CVE•added 2002/12/23 5:0 a.m.•48 views

CVE-2002-1345

Directory traversal vulnerabilities in multiple FTP clients on UNIX systems allow remote malicious FTP servers to create or overwrite files as the client user via filenames containing /absolute/path or .. (dot dot) sequences.

5CVSS6.5AI score0.02126EPSS

CVE•added 2003/08/27 4:0 a.m.•48 views

CVE-2003-0669

Unknown vulnerability in Solaris 2.6 through 9 causes a denial of service (system panic) via "a rare race condition" or an attack by local users.

1.2CVSS6.4AI score0.00058EPSS

CVE•added 2000/02/04 5:0 a.m.•47 views

CVE-1999-0949

Buffer overflow in canuum program for Canna input system allows local users to gain root privileges.

7.2CVSS7.3AI score0.00145EPSS

CVE•added 2002/03/15 5:0 a.m.•47 views

CVE-2002-0085

cachefsd in Solaris 2.6, 7, and 8 allows remote attackers to cause a denial of service (crash) via an invalid procedure call in an RPC request.

5CVSS6.4AI score0.01271EPSS

CVE•added 2005/02/08 5:0 a.m.•47 views

CVE-2002-1587

The libthread library (libthread.so.1) for Solaris 2.5.1 through 8 allows local users to cause a denial of service (hang) of an application that uses libthread by causing the application to wait for a certain mutex.

2.1CVSS6.6AI score0.00065EPSS

CVE•added 2005/06/28 4:0 a.m.•47 views

CVE-2002-1871

pkgadd in Sun Solaris 2.5.1 through 8 installs files setuid/setgid root if the pkgmap file contains a "?" (question mark) in the (1) mode, (2) owner, or (3) group fields, which allows attackers to elevate privileges.

7.2CVSS6.9AI score0.00056EPSS

CVE•added 2005/02/08 5:0 a.m.•47 views

CVE-2003-1061

Race condition in Solaris 2.6 through 9 allows local users to cause a denial of service (kernel panic), as demonstrated via the namefs function, pipe, and certain STREAMS routines.

1.2CVSS6.2AI score0.00063EPSS

CVE•added 1999/09/29 4:0 a.m.•46 views

CVE-1999-0190

Solaris rpcbind can be exploited to overwrite arbitrary files and gain root access.

7.2CVSS7.7AI score0.00067EPSS

CVE•added 2000/03/22 5:0 a.m.•46 views

CVE-1999-0908

Denial of service in Solaris TCP streams driver via a malicious connection that causes the server to panic as a result of recursive calls to mutex_enter.

5CVSS6.8AI score0.03801EPSS

CVE•added 2004/09/01 4:0 a.m.•46 views

CVE-2003-0027

Directory traversal vulnerability in Sun Kodak Color Management System (KCMS) library service daemon (kcms_server) allows remote attackers to read arbitrary files via the KCS_OPEN_PROFILE procedure.

5CVSS6.7AI score0.65152EPSS

CVE•added 2003/08/27 4:0 a.m.•46 views

CVE-2003-0609

Stack-based buffer overflow in the runtime linker, ld.so.1, on Solaris 2.6 through 9 allows local users to gain root privileges via a long LD_PRELOAD environment variable.

7.2CVSS6.9AI score0.00729EPSS

CVE•added 2000/01/04 5:0 a.m.•45 views

CVE-1999-0691

Buffer overflow in the AddSuLog function of the CDE dtaction utility allows local users to gain root privileges via a long user name.

7.2CVSS7.2AI score0.00367EPSS

CVE•added 2000/06/02 4:0 a.m.•45 views

CVE-1999-0859

Solaris arp allows local users to read files via the -f parameter, which lists lines in the file that do not parse properly.

2.1CVSS6.6AI score0.00175EPSS

CVE•added 2003/04/02 5:0 a.m.•45 views

CVE-2003-0092

Heap-based buffer overflow in dtsession for Solaris 2.5.1 through Solaris 9 allows local users to gain root privileges via a long HOME environment variable.

7.2CVSS7.1AI score0.0005EPSS

CVE•added 2005/02/08 5:0 a.m.•45 views

CVE-2003-1069

The Telnet daemon (in.telnetd) for Solaris 2.6 through 9 allows remote attackers to cause a denial of service (CPU consumption by infinite loop).

5CVSS7.1AI score0.00763EPSS

CVE•added 2001/07/02 4:0 a.m.•44 views

CVE-2001-0421

FTP server in Solaris 8 and earlier allows local and remote attackers to cause a core dump in the root directory, possibly with world-readable permissions, by providing a valid username with an invalid password followed by a CWD ~ command, which could release sensitive information such as shadowed ...

6.4CVSS6.5AI score0.02445EPSS

CVE•added 2002/08/12 4:0 a.m.•44 views

CVE-2002-0797

Buffer overflow in the MIB parsing component of mibiisa for Solaris 5.6 through 8 allows remote attackers to gain root privileges.

10CVSS7.3AI score0.05285EPSS

CVE•added 2003/04/02 5:0 a.m.•44 views

CVE-2003-0091

Stack-based buffer overflow in the bsd_queue() function for lpq on Solaris 2.6 and 7 allows local users to gain root privilege.

7.2CVSS7.1AI score0.00077EPSS

CVE•added 2001/06/18 4:0 a.m.•43 views

CVE-2001-0401

Buffer overflow in tip in Solaris 8 and earlier allows local users to execute arbitrary commands via a long HOME environmental variable.

7.2CVSS7.7AI score0.00178EPSS

CVE•added 2002/07/03 4:0 a.m.•43 views

CVE-2002-0572

FreeBSD 4.5 and earlier, and possibly other BSD-based operating systems, allows local users to write to or read from restricted files by closing the file descriptors 0 (standard input), 1 (standard output), or 2 (standard error), which may then be reused by a called setuid process that intended to ...

7.2CVSS6AI score0.00211EPSS

CVE•added 2000/03/22 5:0 a.m.•42 views

CVE-1999-0786

The dynamic linker in Solaris allows a local user to create arbitrary files via the LD_PROFILE environmental variable and a symlink attack.

4.6CVSS6.8AI score0.00154EPSS

CVE•added 2000/02/04 5:0 a.m.•42 views

CVE-1999-0948

Buffer overflow in uum program for Canna input system allows local users to gain root privileges.

7.2CVSS7.3AI score0.00145EPSS

CVE•added 2001/05/07 4:0 a.m.•42 views

CVE-2001-0115

Buffer overflow in arp command in Solaris 7 and earlier allows local users to execute arbitrary commands via a long -f parameter.

7.2CVSS7.8AI score0.0023EPSS

CVE•added 2001/05/07 4:0 a.m.•42 views

CVE-2001-0124

Buffer overflow in exrecover in Solaris 2.6 and earlier possibly allows local users to gain privileges via a long command line argument.

7.2CVSS7.4AI score0.00053EPSS

CVE•added 2002/03/09 5:0 a.m.•42 views

CVE-2001-0422

Buffer overflow in Xsun in Solaris 8 and earlier allows local users to execute arbitrary commands via a long HOME environmental variable.

7.2CVSS7.7AI score0.00263EPSS

CVE•added 2004/01/05 5:0 a.m.•42 views

CVE-2003-0999

Unknown multiple vulnerabilities in (1) lpstat and (2) the libprint library in Solaris 2.6 through 9 may allow attackers to execute arbitrary code or read or write arbitrary files.

7.2CVSS8AI score0.00058EPSS

CVE•added 2005/01/19 5:0 a.m.•42 views

CVE-2004-1359

Multiple buffer overflows in uucp for Sun Solaris 2.6, 7, 8, and 9 allow local users to execute arbitrary code as the uucp user.

4.6CVSS7.5AI score0.00094EPSS

CVE•added 2005/03/10 5:0 a.m.•42 views

CVE-2004-1767

The kernel in Solaris 2.6, 7, 8, and 9 allows local users to gain privileges by loading arbitrary loadable kernel modules (LKM), possibly involving the modload function.

7.2CVSS6.5AI score0.00066EPSS

CVE•added 2000/01/04 5:0 a.m.•41 views

CVE-1999-0689

The CDE dtspcd daemon allows local users to execute arbitrary commands via a symlink attack.

7.2CVSS7.6AI score0.00126EPSS

CVE•added 2000/01/04 5:0 a.m.•41 views

CVE-1999-0973

Buffer overflow in Solaris snoop program allows remote attackers to gain root privileges via a long domain name when snoop is running in verbose mode.

10CVSS7.6AI score0.03141EPSS

CVE•added 2000/01/04 5:0 a.m.•41 views

CVE-1999-0974

Buffer overflow in Solaris snoop allows remote attackers to gain root privileges via GETQUOTA requests to the rpc.rquotad service.

10CVSS7.7AI score0.0244EPSS

CVE•added 2004/09/01 4:0 a.m.•41 views

CVE-2001-0548

Buffer overflow in dtmail in Solaris 2.6 and 7 allows local users to gain privileges via the MAIL environment variable.

4.6CVSS6.8AI score0.00123EPSS

CVE•added 2002/02/02 5:0 a.m.•41 views

CVE-2001-1076

Buffer overflow in whodo in Solaris SunOS 5.5.1 through 5.8 allows local users to execute arbitrary code via a long (1) SOR or (2) CFIME environment variable.

7.2CVSS7.8AI score0.00209EPSS

CVE•added 2005/02/08 5:0 a.m.•41 views

CVE-2003-1057

Unknown vulnerability in CDE Print Viewer (dtprintinfo) for Sun Solaris 2.6 through 9 may allow local users to execute arbitrary code.

7.2CVSS7.5AI score0.00059EPSS

CVE•added 2005/02/08 5:0 a.m.•41 views

CVE-2003-1058

The Xsun server for Sun Solaris 2.6 through 9, when running in Direct Graphics Access (DGA) mode, allows local users to cause a denial of service (Xsun crash) or to create or overwrite arbitrary files on the system, probably via a symlink attack on temporary server files.

3.7CVSS6.8AI score0.00077EPSS

CVE•added 2005/02/08 5:0 a.m.•41 views

CVE-2003-1066

Buffer overflow in the syslog daemon for Solaris 2.6 through 9 allows remote attackers to cause a denial of service (syslogd crash) and possibly execute arbitrary code via long syslog UDP packets.

5CVSS8AI score0.02283EPSS

CVE•added 2005/02/08 5:0 a.m.•41 views

CVE-2003-1082

Buffer overflow in utmp_update for Solaris 2.6 through 9 allows local users to gain root privileges, as identified by Sun BugID 4705891, a different vulnerability than CVE-2003-1068.

7.2CVSS6.8AI score0.00144EPSS

CVE•added 1999/09/29 4:0 a.m.•40 views

CVE-1999-0339

Buffer overflow in the libauth library in Solaris allows local users to gain additional privileges, possibly root access.

7.2CVSS7.7AI score0.00063EPSS

CVE•added 2002/03/09 5:0 a.m.•40 views

CVE-1999-1423

ping in Solaris 2.3 through 2.6 allows local users to cause a denial of service (crash) via a ping request to a multicast address through the loopback interface, e.g. via ping -i.

2.1CVSS7AI score0.00331EPSS

Total number of security vulnerabilities128