| CVE-2003-0466 | Cri | 0.74 | 9.8 | 0.91 | | Aug 27, 2003 | Off-by-one error in the fb_realpath() function, as derived from the realpath function in BSD, may allow attackers to execute arbitrary code, as demonstrated in wu-ftpd 2.5.0 through 2.6.2 via commands that cause pathnames of length MAXPATHLEN+1 to trigger a buffer overflow, including (1) STOR, (2) RETR, (3) APPE, (4) DELE, (5) MKD, (6) RMD, (7) STOU, or (8) RNTO. |
| CVE-1999-1588 | Cri | 0.68 | 9.8 | 0.18 | | Dec 31, 1999 | Buffer overflow in nlps_server in Sun Solaris x86 2.4, 2.5, and 2.5.1 allows remote attackers to execute arbitrary code as root via a long string beginning with "NLPS:002:002:" to the listen (aka System V listener) port, TCP port 2766. |
| CVE-2002-0391 | Cri | 0.64 | 9.8 | 0.08 | | Aug 12, 2002 | Integer overflow in xdr_array function in RPC servers for operating systems that use libc, glibc, or other code based on SunRPC including dietlibc, allows remote attackers to execute arbitrary code by passing a large number of arguments to xdr_array through RPC services such as rpc.cmsd and dmispd. |
| CVE-1999-0038 | Hig | 0.58 | 8.4 | 0.00 | | Apr 26, 1997 | Buffer overflow in xlock program allows local users to execute commands as root. |
| CVE-1999-0022 | Hig | 0.51 | 7.8 | 0.00 | | Jul 3, 1996 | Local user gains root privileges via buffer overflow in rdist, via expstr() function. |
| CVE-2005-0109 | Med | 0.36 | 5.6 | 0.00 | | Mar 5, 2005 | Hyper-Threading technology, as used in FreeBSD and other operating systems that are run on Intel Pentium and other processors, allows local users to use a malicious thread to create covert channels, monitor the execution of other threads, and obtain sensitive information such as cryptographic keys, via a timing attack on memory cache misses. |
| CVE-2004-0790 | | 0.10 | — | 0.85 | | Apr 12, 2005 | Multiple TCP/IP and ICMP implementations allow remote attackers to cause a denial of service (reset TCP connections) via spoofed ICMP error messages, aka the "blind connection-reset attack." NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities. |
| CVE-2003-0722 | | 0.10 | — | 0.87 | | Sep 22, 2003 | The default installation of sadmind on Solaris uses weak authentication (AUTH_SYS), which allows local and remote attackers to spoof Solstice AdminSuite clients and gain root privileges via a certain sequence of RPC packets. |
| CVE-2003-0201 | | 0.10 | — | 0.84 | | May 5, 2003 | Buffer overflow in the call_trans2open function in trans2.c for Samba 2.2.x before 2.2.8a, 2.0.10 and earlier 2.0.x versions, and Samba-TNG before 0.3.2, allows remote attackers to execute arbitrary code. |
| CVE-2001-0797 | | 0.10 | — | 0.89 | | Dec 12, 2001 | Buffer overflow in login in various System V based operating systems allows remote attackers to execute arbitrary commands via a large number of arguments through services such as telnet and rlogin. |
| CVE-1999-0003 | | 0.10 | — | 0.91 | | Apr 1, 1998 | Execute commands as root via buffer overflow in Tooltalk database server (rpc.ttdbserverd). |
| CVE-2008-4556 | | 0.09 | — | 0.79 | | Oct 14, 2008 | Stack-based buffer overflow in the adm_build_path function in sadmind in Sun Solstice AdminSuite on Solaris 8 and 9 allows remote attackers to execute arbitrary code via a crafted request. |
| CVE-2005-4797 | | 0.09 | — | 0.73 | | Dec 31, 2005 | Directory traversal vulnerability in printd line printer daemon (lpd) in Solaris 7 through 10 allows remote attackers to delete arbitrary files via ".." sequences in an "Unlink data file" command. |
| CVE-2003-0694 | | 0.09 | — | 0.76 | | Oct 6, 2003 | The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks, as demonstrated using the parseaddr function in parseaddr.c. |
| CVE-2003-0027 | | 0.09 | — | 0.72 | | Feb 7, 2003 | Directory traversal vulnerability in Sun Kodak Color Management System (KCMS) library service daemon (kcms_server) allows remote attackers to read arbitrary files via the KCS_OPEN_PROFILE procedure. |
| CVE-2001-0779 | | 0.09 | — | 0.74 | | Oct 18, 2001 | Buffer overflow in rpc.yppasswdd (yppasswd server) in Solaris 2.6, 7 and 8 allows remote attackers to gain root access via a long username. |
| CVE-2001-0236 | | 0.09 | — | 0.70 | | May 3, 2001 | Buffer overflow in Solaris snmpXdmid SNMP to DMI mapper daemon allows remote attackers to execute arbitrary commands via a long "indication" event. |
| CVE-1999-0009 | | 0.09 | — | 0.80 | | Apr 8, 1998 | Inverse query buffer overflow in BIND 4.9 and BIND 8 Releases. |
| CVE-2003-0161 | | 0.08 | — | 0.68 | | Apr 2, 2003 | The prescan() function in the address parser (parseaddr.c) in Sendmail before 8.12.9 does not properly handle certain conversions from char and int types, which can cause a length check to be disabled when Sendmail misinterprets an input value as a special "NOCHAR" control value, allowing attackers to cause a denial of service and possibly execute arbitrary code via a buffer overflow attack using messages, a different vulnerability than CVE-2002-1337. |
| CVE-2002-1317 | | 0.07 | — | 0.50 | | Dec 11, 2002 | Buffer overflow in Dispatch() routine for XFS font server (fs.auto) on Solaris 2.5.1 through 9 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a certain XFS query. |
