Solaris
CVEs (497)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2003-0466 | Cri | 0.73 | 9.8 | 0.78 | Aug 27, 2003 | Off-by-one error in the fb_realpath() function, as derived from the realpath function in BSD, may allow attackers to execute arbitrary code, as demonstrated in wu-ftpd 2.5.0 through 2.6.2 via commands that cause pathnames of length MAXPATHLEN+1 to trigger a buffer overflow,… | ||
| CVE-2002-0391 | Cri | 0.68 | 9.8 | 0.58 | Aug 12, 2002 | Integer overflow in xdr_array function in RPC servers for operating systems that use libc, glibc, or other code based on SunRPC including dietlibc, allows remote attackers to execute arbitrary code by passing a large number of arguments to xdr_array through RPC services such as… | ||
| CVE-1999-1588 | Cri | 0.67 | 9.8 | 0.10 | Dec 31, 1999 | Buffer overflow in nlps_server in Sun Solaris x86 2.4, 2.5, and 2.5.1 allows remote attackers to execute arbitrary code as root via a long string beginning with "NLPS:002:002:" to the listen (aka System V listener) port, TCP port 2766. | ||
| CVE-2001-0249 | Cri | 0.65 | 9.8 | 0.20 | Jun 18, 2001 | Heap overflow in FTP daemon in Solaris 8 allows remote attackers to execute arbitrary commands by creating a long pathname and calling the LIST command, which uses glob to generate long strings. | ||
| CVE-1999-0038 | Hig | 0.58 | 8.4 | 0.01 | Apr 26, 1997 | Buffer overflow in xlock program allows local users to execute commands as root. | ||
| CVE-1999-0022 | Hig | 0.51 | 7.8 | 0.01 | Jul 3, 1996 | Local user gains root privileges via buffer overflow in rdist, via expstr() function. | ||
| CVE-2009-2857 | Med | 0.36 | 5.5 | 0.00 | Aug 19, 2009 | The kernel in Sun Solaris 8, 9, and 10, and OpenSolaris before snv_103, does not properly handle interaction between the filesystem and virtual-memory implementations, which allows local users to cause a denial of service (deadlock and system halt) via vectors involving mmap and… | ||
| CVE-2005-0109 | Med | 0.36 | 5.6 | 0.01 | Mar 5, 2005 | Hyper-Threading technology, as used in FreeBSD and other operating systems that are run on Intel Pentium and other processors, allows local users to use a malicious thread to create covert channels, monitor the execution of other threads, and obtain sensitive information such as… | ||
| CVE-2007-0882 | 0.11 | — | 0.98 | Feb 12, 2007 | Argument injection vulnerability in the telnet daemon (in.telnetd) in Solaris 10 and 11 (SunOS 5.10 and 5.11) misinterprets certain client "-f" sequences as valid requests for the login program to skip authentication, which allows remote attackers to log into certain accounts,… | |||
| CVE-2003-0722 | 0.10 | — | 0.88 | Sep 22, 2003 | The default installation of sadmind on Solaris uses weak authentication (AUTH_SYS), which allows local and remote attackers to spoof Solstice AdminSuite clients and gain root privileges via a certain sequence of RPC packets. | |||
| CVE-2003-0201 | 0.10 | — | 0.84 | May 5, 2003 | Buffer overflow in the call_trans2open function in trans2.c for Samba 2.2.x before 2.2.8a, 2.0.10 and earlier 2.0.x versions, and Samba-TNG before 0.3.2, allows remote attackers to execute arbitrary code. | |||
| CVE-2001-1583 | 0.10 | — | 0.83 | Dec 31, 2001 | lpd daemon (in.lpd) in Solaris 8 and earlier allows remote attackers to execute arbitrary commands via a job request with a crafted control file that is not properly handled when lpd invokes a mail program. NOTE: this might be the same vulnerability as CVE-2000-1220. | |||
| CVE-2001-0797 | 0.10 | — | 0.89 | Dec 12, 2001 | Buffer overflow in login in various System V based operating systems allows remote attackers to execute arbitrary commands via a large number of arguments through services such as telnet and rlogin. | |||
| CVE-2008-4556 | 0.09 | — | 0.70 | Oct 14, 2008 | Stack-based buffer overflow in the adm_build_path function in sadmind in Sun Solstice AdminSuite on Solaris 8 and 9 allows remote attackers to execute arbitrary code via a crafted request. | |||
| CVE-2007-5365 | 0.09 | — | 0.80 | Oct 11, 2007 | Stack-based buffer overflow in the cons_options function in options.c in dhcpd in OpenBSD 4.0 through 4.2, and some other dhcpd implementations based on ISC dhcp-2, allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a DHCP request… | |||
| CVE-2004-0790 | 0.09 | — | 0.81 | Apr 12, 2005 | Multiple TCP/IP and ICMP implementations allow remote attackers to cause a denial of service (reset TCP connections) via spoofed ICMP error messages, aka the "blind connection-reset attack." NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on… | |||
| CVE-2001-0236 | 0.09 | — | 0.72 | May 3, 2001 | Buffer overflow in Solaris snmpXdmid SNMP to DMI mapper daemon allows remote attackers to execute arbitrary commands via a long "indication" event. | |||
| CVE-1999-0513 | 0.09 | — | 0.70 | Jan 5, 1998 | ICMP messages to broadcast addresses are allowed, allowing for a Smurf attack that can cause a denial of service. | |||
| CVE-2003-0694 | 0.08 | — | 0.60 | Oct 6, 2003 | The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks, as demonstrated using the parseaddr function in parseaddr.c. | |||
| CVE-2001-0779 | 0.08 | — | 0.62 | Oct 18, 2001 | Buffer overflow in rpc.yppasswdd (yppasswd server) in Solaris 2.6, 7 and 8 allows remote attackers to gain root access via a long username. |
- risk 0.73cvss 9.8epss 0.78
Off-by-one error in the fb_realpath() function, as derived from the realpath function in BSD, may allow attackers to execute arbitrary code, as demonstrated in wu-ftpd 2.5.0 through 2.6.2 via commands that cause pathnames of length MAXPATHLEN+1 to trigger a buffer overflow,…
- risk 0.68cvss 9.8epss 0.58
Integer overflow in xdr_array function in RPC servers for operating systems that use libc, glibc, or other code based on SunRPC including dietlibc, allows remote attackers to execute arbitrary code by passing a large number of arguments to xdr_array through RPC services such as…
- risk 0.67cvss 9.8epss 0.10
Buffer overflow in nlps_server in Sun Solaris x86 2.4, 2.5, and 2.5.1 allows remote attackers to execute arbitrary code as root via a long string beginning with "NLPS:002:002:" to the listen (aka System V listener) port, TCP port 2766.
- risk 0.65cvss 9.8epss 0.20
Heap overflow in FTP daemon in Solaris 8 allows remote attackers to execute arbitrary commands by creating a long pathname and calling the LIST command, which uses glob to generate long strings.
- risk 0.58cvss 8.4epss 0.01
Buffer overflow in xlock program allows local users to execute commands as root.
- risk 0.51cvss 7.8epss 0.01
Local user gains root privileges via buffer overflow in rdist, via expstr() function.
- risk 0.36cvss 5.5epss 0.00
The kernel in Sun Solaris 8, 9, and 10, and OpenSolaris before snv_103, does not properly handle interaction between the filesystem and virtual-memory implementations, which allows local users to cause a denial of service (deadlock and system halt) via vectors involving mmap and…
- risk 0.36cvss 5.6epss 0.01
Hyper-Threading technology, as used in FreeBSD and other operating systems that are run on Intel Pentium and other processors, allows local users to use a malicious thread to create covert channels, monitor the execution of other threads, and obtain sensitive information such as…
- CVE-2007-0882Feb 12, 2007risk 0.11cvss —epss 0.98
Argument injection vulnerability in the telnet daemon (in.telnetd) in Solaris 10 and 11 (SunOS 5.10 and 5.11) misinterprets certain client "-f" sequences as valid requests for the login program to skip authentication, which allows remote attackers to log into certain accounts,…
- CVE-2003-0722Sep 22, 2003risk 0.10cvss —epss 0.88
The default installation of sadmind on Solaris uses weak authentication (AUTH_SYS), which allows local and remote attackers to spoof Solstice AdminSuite clients and gain root privileges via a certain sequence of RPC packets.
- CVE-2003-0201May 5, 2003risk 0.10cvss —epss 0.84
Buffer overflow in the call_trans2open function in trans2.c for Samba 2.2.x before 2.2.8a, 2.0.10 and earlier 2.0.x versions, and Samba-TNG before 0.3.2, allows remote attackers to execute arbitrary code.
- CVE-2001-1583Dec 31, 2001risk 0.10cvss —epss 0.83
lpd daemon (in.lpd) in Solaris 8 and earlier allows remote attackers to execute arbitrary commands via a job request with a crafted control file that is not properly handled when lpd invokes a mail program. NOTE: this might be the same vulnerability as CVE-2000-1220.
- CVE-2001-0797Dec 12, 2001risk 0.10cvss —epss 0.89
Buffer overflow in login in various System V based operating systems allows remote attackers to execute arbitrary commands via a large number of arguments through services such as telnet and rlogin.
- CVE-2008-4556Oct 14, 2008risk 0.09cvss —epss 0.70
Stack-based buffer overflow in the adm_build_path function in sadmind in Sun Solstice AdminSuite on Solaris 8 and 9 allows remote attackers to execute arbitrary code via a crafted request.
- CVE-2007-5365Oct 11, 2007risk 0.09cvss —epss 0.80
Stack-based buffer overflow in the cons_options function in options.c in dhcpd in OpenBSD 4.0 through 4.2, and some other dhcpd implementations based on ISC dhcp-2, allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a DHCP request…
- CVE-2004-0790Apr 12, 2005risk 0.09cvss —epss 0.81
Multiple TCP/IP and ICMP implementations allow remote attackers to cause a denial of service (reset TCP connections) via spoofed ICMP error messages, aka the "blind connection-reset attack." NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on…
- CVE-2001-0236May 3, 2001risk 0.09cvss —epss 0.72
Buffer overflow in Solaris snmpXdmid SNMP to DMI mapper daemon allows remote attackers to execute arbitrary commands via a long "indication" event.
- CVE-1999-0513Jan 5, 1998risk 0.09cvss —epss 0.70
ICMP messages to broadcast addresses are allowed, allowing for a Smurf attack that can cause a denial of service.
- CVE-2003-0694Oct 6, 2003risk 0.08cvss —epss 0.60
The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks, as demonstrated using the parseaddr function in parseaddr.c.
- CVE-2001-0779Oct 18, 2001risk 0.08cvss —epss 0.62
Buffer overflow in rpc.yppasswdd (yppasswd server) in Solaris 2.6, 7 and 8 allows remote attackers to gain root access via a long username.
Page 1 of 25