Solaris Security Vulnerabilities and Issues — Solaris CVE List

Lucene search

SunSolaris

8 matches found

CVE•added 2006/08/14 9:4 p.m.•47 views

CVE-2006-4117

The squeue_drain function in Sun Solaris 10, possibly only when run on CMT processors, allows remote attackers to cause a denial of service ("bad trap" and system panic) by opening and closing a large number of TCP connections ("heavy TCP/IP loads"). NOTE: the original report specifies the function...

5.4CVSS6.7AI score0.00882EPSS

CVE•added 2006/08/29 11:4 p.m.•46 views

CVE-2006-4439

pkgadd in Sun Solaris 10 before 20060825 installs files with insecure file and directory permissions (755 or 777) if the pkgmap file contains a "?" (question mark) in the mode field, which allows local users to modify arbitrary files or directories, a different vulnerability than CVE-2002-1871.

3.6CVSS6AI score0.00056EPSS

CVE•added 2006/08/23 7:4 p.m.•45 views

CVE-2006-4306

Unspecified vulnerability in Sun Solaris 8 and 9 before 20060821 allows local users to execute arbitrary commands via unspecified vectors, involving the default Role-Based Access Control (RBAC) settings in the "File System Management" profile.

7.2CVSS7AI score0.00056EPSS

CVE•added 2006/08/01 10:4 p.m.•44 views

CVE-2006-3968

The crypto provider in Sun Solaris 10 3/05 HW2 without patch 121236-01, when running on Sun Fire T2000 platforms, incorrectly verifies a DSA signature, which might prevent applications from detecting that the data has been modified.

5CVSS6.9AI score0.00591EPSS

CVE•added 2006/08/24 1:4 a.m.•40 views

CVE-2006-4319

Buffer overflow in the format command in Solaris 8, 9, and 10 allows local users with access to format (such as the "File System Management" RBAC profile) to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2006-4307.

7.2CVSS7.2AI score0.0007EPSS

CVE•added 2006/08/23 1:4 a.m.•39 views

CVE-2006-4303

Race condition in (1) libnsl and (2) TLI/XTI API routines in Sun Solaris 10 allows remote attackers to cause a denial of service ("tight loop" and CPU consumption for listener applications) via unknown vectors related to TCP fusion (do_tcp_fusion).

2.6CVSS6.6AI score0.00711EPSS

CVE•added 2006/08/23 7:4 p.m.•39 views

CVE-2006-4307

Unspecified vulnerability in the format command in Sun Solaris 8 and 9 before 20060821 allows local users to modify arbitrary files via unspecified vectors involving profiles that permit running format with elevated privileges, a different issue than CVE-2006-4306 and CVE-2006-4319.

7.2CVSS6.2AI score0.0007EPSS

CVE•added 2006/08/14 11:4 p.m.•32 views

CVE-2006-4139

Race condition in Sun Solaris 10 allows attackers to cause a denial of service (system panic) via unspecified vectors related to ifconfig and either netstat or SNMP queries.

5.4CVSS6.9AI score0.00763EPSS