CVE-2003-1063

The patches (1) 105693-13, (2) 108800-02, (3) 105694-13, and (4) 108801-02 for cachefs on Solaris 2.6 and 7 overwrite the inetd.conf file, which may silently reenable services and allow remote attackers to bypass the intended security policy.

CVE-2005-0109

Hyper-Threading technology, as used in FreeBSD and other operating systems that are run on Intel Pentium and other processors, allows local users to use a malicious thread to create covert channels, monitor the execution of other threads, and obtain sensitive information such as cryptographic keys,...

CVE-2001-1503

The finger daemon (in.fingerd) in Sun Solaris 2.5 through 8 and SunOS 5.5 through 5.8 allows remote attackers to list all accounts on a host by typing finger 'a b c d e f g h'@host.

CVE-2001-1414

The Basic Security Module (BSM) for Solaris 2.5.1, 2.6, 7, and 8 does not log anonymous FTP access, which allows remote attackers to hide their activities, possibly when certain BSM audit files are not present under the FTP root.

CVE-2003-1068

Buffer overflow in utmp_update for Solaris 2.6 through 9 allows local users to gain root privileges, as identified by Sun BugID 4659277, a different vulnerability than CVE-2003-1082.

CVE-2004-1307

Integer overflow in the TIFFFetchStripThing function in tif_dirread.c for libtiff 3.6.1 allows remote attackers to execute arbitrary code via a TIFF file with the STRIPOFFSETS flag and a large number of strips, which causes a zero byte buffer to be allocated and leads to a heap-based buffer overflo...

CVE-2003-1073

A race condition in the at command for Solaris 2.6 through 9 allows local users to delete arbitrary files via the -r argument with .. (dot dot) sequences in the job name, then modifying the directory structure after at checks permissions to delete the file and before the deletion actually takes pla...

CVE-2002-1584

Unknown vulnerability in the AUTH_DES authentication for RPC in Solaris 2.5.1, 2.6, and 7, SGI IRIX 6.5 to 6.5.19f, and possibly other platforms, allows remote attackers to gain privileges.

CVE-2002-1980

Buffer overflow in Volume Manager daemon (vold) of Sun Solaris 2.5.1 through 8 allows local users to execute arbitrary code via unknown attack vectors.

CVE-2003-1078

The FTP client for Solaris 2.6, 7, and 8 with the debug (-d) flag enabled displays the user password on the screen during login.

CVE-2003-1071

rpc.walld (wall daemon) for Solaris 2.6 through 9 allows local users to send messages to logged on users that appear to come from arbitrary user IDs by closing stderr before executing wall, then supplying a spoofed from header.

CVE-2002-1587

The libthread library (libthread.so.1) for Solaris 2.5.1 through 8 allows local users to cause a denial of service (hang) of an application that uses libthread by causing the application to wait for a certain mutex.

CVE-2003-1061

Race condition in Solaris 2.6 through 9 allows local users to cause a denial of service (kernel panic), as demonstrated via the namefs function, pipe, and certain STREAMS routines.

CVE-2004-1352

Buffer overflow in the ping daemon of Sun Solaris 7 through 9 may allow local users to execute arbitrary code.

CVE-2003-1069

The Telnet daemon (in.telnetd) for Solaris 2.6 through 9 allows remote attackers to cause a denial of service (CPU consumption by infinite loop).

CVE-2005-1591

Unknown vulnerability in NIS+ on Solaris 7, 8, and 9 allows remote attackers to cause a denial of service (rpc.nisd disabled and NIS+ unavailable) via unknown vectors.

CVE-2003-1060

The NFS Server for Solaris 7, 8, and 9 allows remote attackers to cause a denial of service (UFS panic) via certain invalid UFS requests, which triggers a null dereference.

CVE-2004-1359

Multiple buffer overflows in uucp for Sun Solaris 2.6, 7, 8, and 9 allow local users to execute arbitrary code as the uucp user.

CVE-2004-1767

The kernel in Solaris 2.6, 7, 8, and 9 allows local users to gain privileges by loading arbitrary loadable kernel modules (LKM), possibly involving the modload function.

CVE-2005-1518

Unknown vulnerability in Solaris 7 through 9, when using Federated Naming Services (FNS), autofs, and FNS X.500 configuration, allows local users to cause a denial of service (automountd crash) when "accessing" /xfn/_x500.

CVE-2003-1057

Unknown vulnerability in CDE Print Viewer (dtprintinfo) for Sun Solaris 2.6 through 9 may allow local users to execute arbitrary code.

CVE-2003-1058

The Xsun server for Sun Solaris 2.6 through 9, when running in Direct Graphics Access (DGA) mode, allows local users to cause a denial of service (Xsun crash) or to create or overwrite arbitrary files on the system, probably via a symlink attack on temporary server files.

CVE-2003-1066

Buffer overflow in the syslog daemon for Solaris 2.6 through 9 allows remote attackers to cause a denial of service (syslogd crash) and possibly execute arbitrary code via long syslog UDP packets.

CVE-2003-1082

Buffer overflow in utmp_update for Solaris 2.6 through 9 allows local users to gain root privileges, as identified by Sun BugID 4705891, a different vulnerability than CVE-2003-1068.

CVE-2004-1351

Unknown vulnerability in the rwho daemon (in.rwhod) for Solaris 7 through 9 allows remote attackers to execute arbitrary code.

CVE-2005-2032

Unknown vulnerability in lpadmin on Sun Solaris 7, 8, and 9 allows local users to overwrite arbitrary files.

CVE-2003-1070

Unknown vulnerability in rpcbind for Solaris 2.6 through 9 allows remote attackers to cause a denial of service (rpcbind crash).

CVE-2002-1586

Solaris 2.5.1 through 9 allows local users to cause a denial of service (kernel panic) by setting the sd_struiowrq variable in the struioget function to null, which triggers a null dereference.

CVE-2002-2203

Unknown vulnerability in the System Serial Console terminal in Solaris 2.5.1, 2.6, and 7 allows local users to monitor keystrokes and possibly steal sensitive information.

CVE-2004-2306

Sun Solaris 7 through 9, when Basic Security Module (BSM) is enabled and the SUNWscpu package has been removed as a result of security hardening, disables mail alerts from the audit_warn script, which might allow attackers to escape detection.

CVE-2003-1079

Unknown vulnerability in UDP RPC for Solaris 2.5.1 through 9 for SPARC, and 2.5.1 through 8 for x86, allows remote attackers to cause a denial of service (memory consumption) via certain arguments in RPC calls that cause large amounts of memory to be allocated.

CVE-2003-1056

The ed editor for Sun Solaris 2.6, 7, and 8 allows local users to create or overwrite arbitrary files via a symlink attack on temporary files.

CVE-2003-1067

Multiple buffer overflows in the (1) dbm_open function, as used in ndbm and dbm, and the (2) dbminit function in Solaris 2.6 through 9 allow local users to gain root privileges via long arguments to Xsun or other programs that use these functions.

CVE-2003-1076

Unknown vulnerability in sendmail for Solaris 7, 8, and 9 allows local users to cause a denial of service (unknown impact) and possibly gain privileges via certain constructs in a .forward file.

CVE-2005-0816

Buffer overflow in newgrp in Solaris 7 through 9 allows local users to gain root privileges.

CVE-2003-1075

Unknown vulnerability in the FTP server (in.ftpd) for Solaris 2.6 through 9 allows remote attackers to cause a denial of service (temporary FTP server hang), which affects other active mode FTP clients.