Solaris@9.0 Security Vulnerabilities and Issues — Solaris@9.0 CVE List

Lucene search

SunSolaris9.0

54 matches found

CVE•added 2005/11/01 12:47 p.m.•426 views

CVE-2005-3398

The default configuration of the web server for the Solaris Management Console (SMC) in Solaris 8, 9, and 10 enables the HTTP TRACE method, which could allow remote attackers to obtain sensitive information such as cookies and authentication data from HTTP headers.

4.3CVSS6.2AI score0.39542EPSS

CVE•added 2005/04/21 4:0 a.m.•176 views

CVE-2004-1082

mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials.

7.5CVSS8.1AI score0.05469EPSS

CVE•added 2005/04/13 4:0 a.m.•105 views

CVE-2004-0790

Multiple TCP/IP and ICMP implementations allow remote attackers to cause a denial of service (reset TCP connections) via spoofed ICMP error messages, aka the "blind connection-reset attack." NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0...

5CVSS7.5AI score0.79728EPSS

CVE•added 2005/03/08 5:0 a.m.•76 views

CVE-2005-0109

Hyper-Threading technology, as used in FreeBSD and other operating systems that are run on Intel Pentium and other processors, allows local users to use a malicious thread to create covert channels, monitor the execution of other threads, and obtain sensitive information such as cryptographic keys,...

5.6CVSS5.4AI score0.00143EPSS

CVE•added 2005/04/13 4:0 a.m.•75 views

CVE-2004-0791

Multiple TCP/IP and ICMP implementations allow remote attackers to cause a denial of service (network throughput reduction for TCP connections) via a blind throughput-reduction attack using spoofed Source Quench packets, aka the "ICMP Source Quench attack." NOTE: CVE-2004-0790, CVE-2004-0791, and C...

5CVSS7.5AI score0.79728EPSS

CVE•added 2005/02/08 5:0 a.m.•54 views

CVE-2003-1068

Buffer overflow in utmp_update for Solaris 2.6 through 9 allows local users to gain root privileges, as identified by Sun BugID 4659277, a different vulnerability than CVE-2003-1082.

7.2CVSS6.8AI score0.00144EPSS

CVE•added 2005/05/04 4:0 a.m.•54 views

CVE-2004-1307

Integer overflow in the TIFFFetchStripThing function in tif_dirread.c for libtiff 3.6.1 allows remote attackers to execute arbitrary code via a TIFF file with the STRIPOFFSETS flag and a large number of strips, which causes a zero byte buffer to be allocated and leads to a heap-based buffer overflo...

7.5CVSS7.7AI score0.05111EPSS

CVE•added 2005/01/19 5:0 a.m.•54 views

CVE-2004-1357

The Secure Shell (SSH) Daemon (SSHD) in Sun Solaris 9 does not properly log IP addresses when SSHD is configured with the ListenAddress as 0.0.0.0, which makes it easier for remote attackers to hide the source of their activities.

5CVSS7AI score0.04977EPSS

CVE•added 2005/02/08 5:0 a.m.•52 views

CVE-2003-1073

A race condition in the at command for Solaris 2.6 through 9 allows local users to delete arbitrary files via the -r argument with .. (dot dot) sequences in the job name, then modifying the directory structure after at checks permissions to delete the file and before the deletion actually takes pla...

1.2CVSS6.6AI score0.00165EPSS

CVE•added 2005/05/02 4:0 a.m.•52 views

CVE-2005-0426

Unknown vulnerability in Solaris 8 and 9 allows remote attackers to cause a denial of service (panic) via "Heavy UDP Usage" that triggers a NULL dereference.

5CVSS7AI score0.00739EPSS

CVE•added 2005/02/08 5:0 a.m.•49 views

CVE-2003-1071

rpc.walld (wall daemon) for Solaris 2.6 through 9 allows local users to send messages to logged on users that appear to come from arbitrary user IDs by closing stderr before executing wall, then supplying a spoofed from header.

2.1CVSS6.8AI score0.00322EPSS

CVE•added 2005/01/19 5:0 a.m.•48 views

CVE-2004-1354

The Solaris Management Console (SMC) in Sun Solaris 8 and 9 generates different 404 error messages when a file does not exist versus when a file exists but is otherwise inaccessible, which could allow remote attackers to obtain sensitive information in conjunction with a directory traversal (..) at...

5CVSS6.6AI score0.03275EPSS

CVE•added 2005/02/08 5:0 a.m.•47 views

CVE-2003-1061

Race condition in Solaris 2.6 through 9 allows local users to cause a denial of service (kernel panic), as demonstrated via the namefs function, pipe, and certain STREAMS routines.

1.2CVSS6.2AI score0.00063EPSS

CVE•added 2005/06/29 4:0 a.m.•47 views

CVE-2005-2072

The runtime linker (ld.so) in Solaris 8, 9, and 10 trusts the LD_AUDIT environment variable in setuid or setgid programs, which allows local users to gain privileges by (1) modifying LD_AUDIT to reference malicious code and possibly (2) using a long value for LD_AUDIT.

7.2CVSS6.7AI score0.00292EPSS

CVE•added 2005/02/24 5:0 a.m.•46 views

CVE-2004-0481

The logging feature in kcms_configure in the KCMS package on Solaris 8 and 9, and possibly other versions, allows local users to corrupt arbitrary files via a symlink attack on the KCS_ClogFile file.

2.1CVSS6.4AI score0.00054EPSS

CVE•added 2005/01/19 5:0 a.m.•46 views

CVE-2004-1352

Buffer overflow in the ping daemon of Sun Solaris 7 through 9 may allow local users to execute arbitrary code.

7.2CVSS7.7AI score0.00084EPSS

CVE•added 2005/02/08 5:0 a.m.•45 views

CVE-2003-1069

The Telnet daemon (in.telnetd) for Solaris 2.6 through 9 allows remote attackers to cause a denial of service (CPU consumption by infinite loop).

5CVSS7.1AI score0.00763EPSS

CVE•added 2005/05/16 4:0 a.m.•45 views

CVE-2005-1591

Unknown vulnerability in NIS+ on Solaris 7, 8, and 9 allows remote attackers to cause a denial of service (rpc.nisd disabled and NIS+ unavailable) via unknown vectors.

5CVSS7AI score0.00655EPSS

CVE•added 2005/02/08 5:0 a.m.•44 views

CVE-2003-1060

The NFS Server for Solaris 7, 8, and 9 allows remote attackers to cause a denial of service (UFS panic) via certain invalid UFS requests, which triggers a null dereference.

5CVSS7.1AI score0.00739EPSS

CVE•added 2005/09/28 11:3 p.m.•44 views

CVE-2005-3099

Unspecified vulnerability in the (1) Xsun and (2) Xprt commands in Solaris 7, 8, 9, and 10 allows local users to execute arbitrary code.

4.6CVSS6.8AI score0.00078EPSS

CVE•added 2005/02/08 5:0 a.m.•43 views

CVE-2002-1585

Unknown vulnerability in Solaris 8 for Intel and Solaris 8 and 9 for SPARC allows remote attackers to cause a denial of service via certain packets that cause some network interfaces to stop responding to TCP traffic.

5CVSS7AI score0.00739EPSS

CVE•added 2005/02/08 5:0 a.m.•43 views

CVE-2003-1055

Buffer overflow in the nss_ldap.so.1 library for Sun Solaris 8 and 9 may allow local users to gain root access via a long hostname in an LDAP lookup.

7.2CVSS7.3AI score0.00249EPSS

CVE•added 2005/02/15 5:0 a.m.•43 views

CVE-2005-0447

Solaris 7, 8, and 9 allows remote attackers to cause a denial of service (hang) via a flood of certain ARP packets.

5CVSS7AI score0.00911EPSS

CVE•added 2005/01/19 5:0 a.m.•42 views

CVE-2004-1359

Multiple buffer overflows in uucp for Sun Solaris 2.6, 7, 8, and 9 allow local users to execute arbitrary code as the uucp user.

4.6CVSS7.5AI score0.00094EPSS

CVE•added 2005/03/10 5:0 a.m.•42 views

CVE-2004-1767

The kernel in Solaris 2.6, 7, 8, and 9 allows local users to gain privileges by loading arbitrary loadable kernel modules (LKM), possibly involving the modload function.

7.2CVSS6.5AI score0.00066EPSS

CVE•added 2005/05/02 4:0 a.m.•42 views

CVE-2005-0576

Unknown vulnerability in Standard Type Services Framework (STSF) Font Server Daemon (stfontserverd) in Solaris 9 allows local users to modify or delete arbitrary files.

3.6CVSS6.8AI score0.00054EPSS

CVE•added 2005/05/11 4:0 a.m.•42 views

CVE-2005-1518

Unknown vulnerability in Solaris 7 through 9, when using Federated Naming Services (FNS), autofs, and FNS X.500 configuration, allows local users to cause a denial of service (automountd crash) when "accessing" /xfn/_x500.

2.1CVSS6.6AI score0.00058EPSS

CVE•added 2005/02/08 5:0 a.m.•41 views

CVE-2003-1057

Unknown vulnerability in CDE Print Viewer (dtprintinfo) for Sun Solaris 2.6 through 9 may allow local users to execute arbitrary code.

7.2CVSS7.5AI score0.00059EPSS

CVE•added 2005/02/08 5:0 a.m.•41 views

CVE-2003-1058

The Xsun server for Sun Solaris 2.6 through 9, when running in Direct Graphics Access (DGA) mode, allows local users to cause a denial of service (Xsun crash) or to create or overwrite arbitrary files on the system, probably via a symlink attack on temporary server files.

3.7CVSS6.8AI score0.00077EPSS

CVE•added 2005/02/08 5:0 a.m.•41 views

CVE-2003-1066

Buffer overflow in the syslog daemon for Solaris 2.6 through 9 allows remote attackers to cause a denial of service (syslogd crash) and possibly execute arbitrary code via long syslog UDP packets.

5CVSS8AI score0.02283EPSS

CVE•added 2005/02/08 5:0 a.m.•41 views

CVE-2003-1082

Buffer overflow in utmp_update for Solaris 2.6 through 9 allows local users to gain root privileges, as identified by Sun BugID 4705891, a different vulnerability than CVE-2003-1068.

7.2CVSS6.8AI score0.00144EPSS

CVE•added 2005/01/19 5:0 a.m.•41 views

CVE-2004-1346

The Sun Solaris Volume Manager (SVM) on Solaris 9 allows local users to cause a denial of service (kernel panic) via a malformed probe request to the SVM.

2.1CVSS6.1AI score0.00087EPSS

CVE•added 2005/01/19 5:0 a.m.•41 views

CVE-2004-1351

Unknown vulnerability in the rwho daemon (in.rwhod) for Solaris 7 through 9 allows remote attackers to execute arbitrary code.

10CVSS7.5AI score0.14682EPSS

CVE•added 2005/06/21 4:0 a.m.•41 views

CVE-2005-2032

Unknown vulnerability in lpadmin on Sun Solaris 7, 8, and 9 allows local users to overwrite arbitrary files.

2.1CVSS6.3AI score0.00058EPSS

CVE•added 2005/11/18 9:3 p.m.•41 views

CVE-2005-3674

The Internet Key Exchange version 1 (IKEv1) implementation in the libike library in Sun Solaris 9 and 10 allows remote attackers to cause a denial of service (in.iked crash) via certain crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of details ...

7.8CVSS6.5AI score0.08207EPSS

CVE•added 2005/02/08 5:0 a.m.•40 views

CVE-2003-1070

Unknown vulnerability in rpcbind for Solaris 2.6 through 9 allows remote attackers to cause a denial of service (rpcbind crash).

5CVSS7AI score0.009EPSS

CVE•added 2005/05/02 4:0 a.m.•40 views

CVE-2005-1124

Unknown vulnerability in the libgss Generic Security Services Library in Solaris 7, 8, and 9 allows local users to gain privileges by loading their own GSS-API.

4.6CVSS6.9AI score0.00066EPSS

CVE•added 2005/02/08 5:0 a.m.•39 views

CVE-2002-1586

Solaris 2.5.1 through 9 allows local users to cause a denial of service (kernel panic) by setting the sd_struiowrq variable in the struioget function to null, which triggers a null dereference.

2.1CVSS6.6AI score0.00067EPSS

CVE•added 2005/08/16 4:0 a.m.•39 views

CVE-2004-2306

Sun Solaris 7 through 9, when Basic Security Module (BSM) is enabled and the SUNWscpu package has been removed as a result of security hardening, disables mail alerts from the audit_warn script, which might allow attackers to escape detection.

4.6CVSS7AI score0.00077EPSS

CVE•added 2005/05/02 4:0 a.m.•39 views

CVE-2005-0248

The Solaris Management Console (SMC) GUI for Solaris 8 and 9, when creating user accounts that are configured for password aging, creates the accounts with a blank password, which allows remote or local attackers to break into those accounts.

7.5CVSS7.1AI score0.00567EPSS

CVE•added 2005/09/27 7:3 p.m.•39 views

CVE-2005-3071

Unspecified vulnerability in Unix File System (UFS) on Solaris 8 and 9, when logging is enabled, allows local users to cause a denial of service ("soft hang") via certain write operations to UFS.

2.1CVSS6.2AI score0.00063EPSS

CVE•added 2005/08/05 4:0 a.m.•38 views

CVE-2002-2089

Buffer overflow in rcp in Solaris 9.0 allows local users to execute arbitrary code via a long command line argument.

4.6CVSS7.9AI score0.00096EPSS

CVE•added 2005/02/08 5:0 a.m.•38 views

CVE-2003-1059

Unknown vulnerability in the libraries for the PGX32 frame buffer in Solaris 2.5.1 and 2.6 through 9 allows local users to gain root access.

7.2CVSS7.2AI score0.00047EPSS

CVE•added 2005/02/08 5:0 a.m.•38 views

CVE-2003-1079

Unknown vulnerability in UDP RPC for Solaris 2.5.1 through 9 for SPARC, and 2.5.1 through 8 for x86, allows remote attackers to cause a denial of service (memory consumption) via certain arguments in RPC calls that cause large amounts of memory to be allocated.

5CVSS7AI score0.01108EPSS

CVE•added 2005/02/08 5:0 a.m.•37 views

CVE-2003-1077

Unknown vulnerability in UFS for Solaris 9 for SPARC, with logging enabled, allows local users to cause a denial of service (UFS file system hang).

2.1CVSS6.6AI score0.0007EPSS

CVE•added 2005/01/19 5:0 a.m.•37 views

CVE-2004-1353

Unknown vulnerability in LDAP on Sun Solaris 8 and 9, when using Role Based Access Control (RBAC), allows local users to execute certain commands with additional privileges.

7.2CVSS7.2AI score0.00058EPSS

CVE•added 2005/01/19 5:0 a.m.•37 views

CVE-2004-1358

The patches (1) 114332-08 and (2) 114929-06 for Sun Solaris 9 disable the auditing functionality of the Basic Security Module (BSM), which allows attackers to avoid having their activity logged.

5CVSS7AI score0.0054EPSS

CVE•added 2005/02/08 5:0 a.m.•37 views

CVE-2004-1394

The pfexec function for Sun Solaris 8 and 9 does not properly handle when a custom profile contains an invalid entry in the exec_attr database, which may allow local users with custom rights profiles to execute profile commands with additional privileges.

4.6CVSS7.2AI score0.00077EPSS

CVE•added 2005/02/08 5:0 a.m.•36 views

CVE-2003-1067

Multiple buffer overflows in the (1) dbm_open function, as used in ndbm and dbm, and the (2) dbminit function in Solaris 2.6 through 9 allow local users to gain root privileges via long arguments to Xsun or other programs that use these functions.

7.2CVSS6.7AI score0.00092EPSS

CVE•added 2005/02/08 5:0 a.m.•36 views

CVE-2003-1074

Unknown vulnerability in newtask for Solaris 9 allows local users to gain root privileges.

7.2CVSS7AI score0.00053EPSS

Total number of security vulnerabilities54