Sunos@- Security Vulnerabilities and Issues — Page 2 of Sunos@- CVE List

The libthread library (libthread.so.1) for Solaris 2.5.1 through 8 allows local users to cause a denial of service (hang) of an application that uses libthread by causing the application to wait for a certain mutex.

2.1CVSS6.6AI score0.00065EPSS

CVE•added 2005/02/08 5:0 a.m.•47 views

CVE-2003-1061

Race condition in Solaris 2.6 through 9 allows local users to cause a denial of service (kernel panic), as demonstrated via the namefs function, pipe, and certain STREAMS routines.

1.2CVSS6.2AI score0.00063EPSS

CVE•added 1999/09/29 4:0 a.m.•46 views

CVE-1999-0190

Solaris rpcbind can be exploited to overwrite arbitrary files and gain root access.

7.2CVSS7.7AI score0.00067EPSS

CVE•added 2000/03/22 5:0 a.m.•46 views

CVE-1999-0908

Denial of service in Solaris TCP streams driver via a malicious connection that causes the server to panic as a result of recursive calls to mutex_enter.

5CVSS6.8AI score0.03801EPSS

CVE•added 2004/09/01 4:0 a.m.•46 views

CVE-2003-0027

Directory traversal vulnerability in Sun Kodak Color Management System (KCMS) library service daemon (kcms_server) allows remote attackers to read arbitrary files via the KCS_OPEN_PROFILE procedure.

5CVSS6.7AI score0.65152EPSS

CVE•added 2003/08/27 4:0 a.m.•46 views

CVE-2003-0609

Stack-based buffer overflow in the runtime linker, ld.so.1, on Solaris 2.6 through 9 allows local users to gain root privileges via a long LD_PRELOAD environment variable.

7.2CVSS6.9AI score0.00729EPSS

CVE•added 2000/06/02 4:0 a.m.•45 views

CVE-1999-0859

Solaris arp allows local users to read files via the -f parameter, which lists lines in the file that do not parse properly.

2.1CVSS6.6AI score0.00175EPSS

CVE•added 2005/02/08 5:0 a.m.•45 views

CVE-2003-1069

The Telnet daemon (in.telnetd) for Solaris 2.6 through 9 allows remote attackers to cause a denial of service (CPU consumption by infinite loop).

5CVSS7.1AI score0.00763EPSS

CVE•added 2002/08/12 4:0 a.m.•44 views

CVE-2002-0797

Buffer overflow in the MIB parsing component of mibiisa for Solaris 5.6 through 8 allows remote attackers to gain root privileges.

10CVSS7.3AI score0.05285EPSS

CVE•added 2002/07/03 4:0 a.m.•43 views

CVE-2002-0572

FreeBSD 4.5 and earlier, and possibly other BSD-based operating systems, allows local users to write to or read from restricted files by closing the file descriptors 0 (standard input), 1 (standard output), or 2 (standard error), which may then be reused by a called setuid process that intended to ...

7.2CVSS6AI score0.00211EPSS

CVE•added 2000/03/22 5:0 a.m.•42 views

CVE-1999-0786

The dynamic linker in Solaris allows a local user to create arbitrary files via the LD_PROFILE environmental variable and a symlink attack.

4.6CVSS6.8AI score0.00154EPSS

CVE•added 2000/02/04 5:0 a.m.•42 views

CVE-1999-0948

Buffer overflow in uum program for Canna input system allows local users to gain root privileges.

7.2CVSS7.3AI score0.00145EPSS

CVE•added 2001/05/07 4:0 a.m.•42 views

CVE-2001-0115

Buffer overflow in arp command in Solaris 7 and earlier allows local users to execute arbitrary commands via a long -f parameter.

7.2CVSS7.8AI score0.0023EPSS

CVE•added 2004/01/05 5:0 a.m.•42 views

CVE-2003-0999

Unknown multiple vulnerabilities in (1) lpstat and (2) the libprint library in Solaris 2.6 through 9 may allow attackers to execute arbitrary code or read or write arbitrary files.

7.2CVSS8AI score0.00058EPSS

CVE•added 2005/01/19 5:0 a.m.•42 views

CVE-2004-1359

Multiple buffer overflows in uucp for Sun Solaris 2.6, 7, 8, and 9 allow local users to execute arbitrary code as the uucp user.

4.6CVSS7.5AI score0.00094EPSS

CVE•added 1999/09/29 4:0 a.m.•41 views

CVE-1999-0139

Buffer overflow in Solaris x86 mkcookie allows local users to obtain root access.

7.2CVSS7.3AI score0.00063EPSS

CVE•added 1999/09/29 4:0 a.m.•41 views

CVE-1999-0369

The Sun sdtcm_convert calendar utility for OpenWindows has a buffer overflow which can gain root access.

7.2CVSS8.2AI score0.0041EPSS

CVE•added 2000/01/04 5:0 a.m.•41 views

CVE-1999-0689

The CDE dtspcd daemon allows local users to execute arbitrary commands via a symlink attack.

7.2CVSS7.6AI score0.00126EPSS

CVE•added 2000/01/04 5:0 a.m.•41 views

CVE-1999-0973

Buffer overflow in Solaris snoop program allows remote attackers to gain root privileges via a long domain name when snoop is running in verbose mode.

10CVSS7.6AI score0.03141EPSS

CVE•added 2000/01/04 5:0 a.m.•41 views

CVE-1999-0974

Buffer overflow in Solaris snoop allows remote attackers to gain root privileges via GETQUOTA requests to the rpc.rquotad service.

10CVSS7.7AI score0.0244EPSS

CVE•added 2002/02/02 5:0 a.m.•41 views

CVE-2001-1076

Buffer overflow in whodo in Solaris SunOS 5.5.1 through 5.8 allows local users to execute arbitrary code via a long (1) SOR or (2) CFIME environment variable.

7.2CVSS7.8AI score0.00209EPSS

CVE•added 2005/02/08 5:0 a.m.•41 views

CVE-2003-1057

Unknown vulnerability in CDE Print Viewer (dtprintinfo) for Sun Solaris 2.6 through 9 may allow local users to execute arbitrary code.

7.2CVSS7.5AI score0.00059EPSS

CVE•added 2005/02/08 5:0 a.m.•41 views

CVE-2003-1058

The Xsun server for Sun Solaris 2.6 through 9, when running in Direct Graphics Access (DGA) mode, allows local users to cause a denial of service (Xsun crash) or to create or overwrite arbitrary files on the system, probably via a symlink attack on temporary server files.

3.7CVSS6.8AI score0.00077EPSS

CVE•added 2005/02/08 5:0 a.m.•41 views

CVE-2003-1066

Buffer overflow in the syslog daemon for Solaris 2.6 through 9 allows remote attackers to cause a denial of service (syslogd crash) and possibly execute arbitrary code via long syslog UDP packets.

5CVSS8AI score0.02283EPSS

CVE•added 2005/02/08 5:0 a.m.•41 views

CVE-2003-1082

Buffer overflow in utmp_update for Solaris 2.6 through 9 allows local users to gain root privileges, as identified by Sun BugID 4705891, a different vulnerability than CVE-2003-1068.

7.2CVSS6.8AI score0.00144EPSS

CVE•added 1999/09/29 4:0 a.m.•40 views

CVE-1999-0303

Buffer overflow in BNU UUCP daemon (uucpd) through long hostnames.

4.6CVSS7.7AI score0.00055EPSS

CVE•added 1999/09/29 4:0 a.m.•40 views

CVE-1999-0339

Buffer overflow in the libauth library in Solaris allows local users to gain additional privileges, possibly root access.

7.2CVSS7.7AI score0.00063EPSS

CVE•added 2001/09/12 4:0 a.m.•40 views

CVE-1999-1371

Buffer overflow in /usr/bin/write in Solaris 2.6 and 7 allows local users to gain privileges via a long string in the terminal name argument.

7.2CVSS7.2AI score0.00138EPSS

CVE•added 2000/02/08 5:0 a.m.•40 views

CVE-2000-0118

The Red Hat Linux su program does not log failed password guesses if the su process is killed before it times out, which allows local attackers to conduct brute force password guessing.

7.2CVSS6.9AI score0.00148EPSS

CVE•added 2005/02/08 5:0 a.m.•40 views

CVE-2003-1070

Unknown vulnerability in rpcbind for Solaris 2.6 through 9 allows remote attackers to cause a denial of service (rpcbind crash).

5CVSS7AI score0.009EPSS

CVE•added 2000/04/18 4:0 a.m.•39 views

CVE-1999-0773

Buffer overflow in Solaris lpset program allows local users to gain root access.

7.2CVSS7.2AI score0.00145EPSS

CVE•added 2000/02/04 5:0 a.m.•39 views

CVE-1999-0860

Solaris chkperm allows local users to read files owned by bin via the VMSYS environmental variable and a symlink attack.

2.1CVSS6.6AI score0.00175EPSS

CVE•added 2005/02/08 5:0 a.m.•39 views

CVE-2002-1586

Solaris 2.5.1 through 9 allows local users to cause a denial of service (kernel panic) by setting the sd_struiowrq variable in the struioget function to null, which triggers a null dereference.

2.1CVSS6.6AI score0.00067EPSS

CVE•added 2005/11/16 9:17 p.m.•39 views

CVE-2002-2203

Unknown vulnerability in the System Serial Console terminal in Solaris 2.5.1, 2.6, and 7 allows local users to monitor keystrokes and possibly steal sensitive information.

4.9CVSS6.6AI score0.0007EPSS

CVE•added 2006/05/05 10:0 p.m.•39 views

CVE-2005-4796

Unspecified vulnerability in the XView library (libxview.so) in Solaris 2.5 to 10 allows local users to corrupt files via unknown vectors related to the handling of the clipboard selection while an XView application exits.

3.6CVSS5.8AI score0.00073EPSS

CVE•added 1999/09/29 4:0 a.m.•38 views

CVE-1999-0296

Solaris volrmmount program allows attackers to read any file.

7.2CVSS7.2AI score0.00067EPSS

CVE•added 2000/02/04 5:0 a.m.•38 views

CVE-2000-0055

Buffer overflow in Solaris chkperm command allows local users to gain root access via a long -n option.

7.2CVSS7.3AI score0.00063EPSS

CVE•added 2005/02/08 5:0 a.m.•38 views

CVE-2003-1079

Unknown vulnerability in UDP RPC for Solaris 2.5.1 through 9 for SPARC, and 2.5.1 through 8 for x86, allows remote attackers to cause a denial of service (memory consumption) via certain arguments in RPC calls that cause large amounts of memory to be allocated.

5CVSS7AI score0.01108EPSS

CVE•added 2001/09/12 4:0 a.m.•37 views

CVE-1999-1025

CDE screen lock program (screenlock) on Solaris 2.6 does not properly lock an unprivileged user's console session when the host is an NIS+ client, which allows others with physical access to login with any string.

4.6CVSS7.1AI score0.00074EPSS

CVE•added 2002/03/09 5:0 a.m.•37 views

CVE-2001-0565

Buffer overflow in mailx in Solaris 8 and earlier allows a local attacker to gain additional privileges via a long '-F' command line option.

4.6CVSS6.9AI score0.00175EPSS

CVE•added 2005/02/08 5:0 a.m.•36 views

CVE-2003-1056

The ed editor for Sun Solaris 2.6, 7, and 8 allows local users to create or overwrite arbitrary files via a symlink attack on temporary files.

7.2CVSS6.8AI score0.00047EPSS

CVE•added 2005/02/08 5:0 a.m.•36 views

CVE-2003-1067

Multiple buffer overflows in the (1) dbm_open function, as used in ndbm and dbm, and the (2) dbminit function in Solaris 2.6 through 9 allow local users to gain root privileges via long arguments to Xsun or other programs that use these functions.

7.2CVSS6.7AI score0.00092EPSS

CVE•added 2000/04/18 4:0 a.m.•35 views

CVE-1999-0676

sdtcm_convert in Solaris 2.6 allows a local user to overwrite sensitive files via a symlink attack.

4.6CVSS6.6AI score0.00073EPSS

CVE•added 2000/07/12 4:0 a.m.•34 views

CVE-2000-0407

Buffer overflow in Solaris netpr program allows local users to execute arbitrary commands via a long -p option.

7.2CVSS7.7AI score0.00212EPSS

CVE•added 2005/02/08 5:0 a.m.•34 views

CVE-2003-1075

Unknown vulnerability in the FTP server (in.ftpd) for Solaris 2.6 through 9 allows remote attackers to cause a denial of service (temporary FTP server hang), which affects other active mode FTP clients.

5CVSS7AI score0.00911EPSS

CVE•added 2002/03/09 5:0 a.m.•33 views

CVE-1999-1297

cmdtool in OpenWindows 3.0 and XView 3.0 in SunOS 4.1.4 and earlier allows attackers with physical access to the system to display unechoed characters (such as those from password prompts) via the L2/AGAIN key.

2.1CVSS7.2AI score0.0013EPSS

CVE•added 2002/03/09 5:0 a.m.•32 views

CVE-1999-1402

The access permissions for a UNIX domain socket are ignored in Solaris 2.x and SunOS 4.x, and other BSD-based operating systems before 4.4, which could allow local users to connect to the socket and possibly disrupt or control the operations of the program using that socket.

2.1CVSS7.3AI score0.00115EPSS

Total number of security vulnerabilities103