Sunos
CVEs (563)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2001-1503 | 0.00 | — | 0.01 | Dec 31, 2001 | The finger daemon (in.fingerd) in Sun Solaris 2.5 through 8 and SunOS 5.5 through 5.8 allows remote attackers to list all accounts on a host by typing finger 'a b c d e f g h'@host. | |||
| CVE-2001-1555 | 0.00 | — | 0.00 | Dec 31, 2001 | pt_chmod in Solaris 8 does not call fdetach to reset terminal privileges when users log out of terminals, which allows local users to write to other users' terminals by modifying the ACL of a TTY. | |||
| CVE-2001-1414 | 0.00 | — | 0.02 | Oct 9, 2001 | The Basic Security Module (BSM) for Solaris 2.5.1, 2.6, 7, and 8 does not log anonymous FTP access, which allows remote attackers to hide their activities, possibly when certain BSM audit files are not present under the FTP root. | |||
| CVE-2001-0686 | 0.00 | — | 0.00 | Sep 20, 2001 | Buffer overflow in mail included with SunOS 5.8 for x86 allows a local user to gain privileges via a long HOME environment variable. | |||
| CVE-2001-0699 | 0.00 | — | 0.00 | Sep 20, 2001 | Buffer overflow in cb_reset in the System Service Processor (SSP) package of SunOS 5.8 allows a local user to execute arbitrary code via a long argument. | |||
| CVE-2001-0353 | 0.00 | — | 0.04 | Jul 21, 2001 | Buffer overflow in the line printer daemon (in.lpd) for Solaris 8 and earlier allows local and remote attackers to gain root privileges via a "transfer job" routine. | |||
| CVE-2001-1244 | 0.00 | — | 0.35 | Jul 7, 2001 | Multiple TCP implementations could allow remote attackers to cause a denial of service (bandwidth and CPU exhaustion) by setting the maximum segment size (MSS) to a very small number and requesting large amounts of data, which generates more packets with less TCP-level data that… | |||
| CVE-2001-0470 | 0.00 | — | 0.00 | Jun 27, 2001 | Buffer overflow in SNMP proxy agent snmpd in Solaris 8 may allow local users to gain root privileges by calling snmpd with a long program name. | |||
| CVE-2001-0269 | 0.00 | — | 0.03 | May 3, 2001 | pam_ldap authentication module in Solaris 8 allows remote attackers to bypass authentication via a NULL password. | |||
| CVE-2001-0190 | 0.00 | — | 0.00 | Mar 26, 2001 | Buffer overflow in /usr/bin/cu in Solaris 2.8 and earlier, and possibly other operating systems, allows local users to gain privileges by executing cu with a long program name (arg0). | |||
| CVE-2001-0124 | 0.00 | — | 0.00 | Mar 12, 2001 | Buffer overflow in exrecover in Solaris 2.6 and earlier possibly allows local users to gain privileges via a long command line argument. | |||
| CVE-2000-0055 | 0.00 | — | 0.00 | Jan 6, 2000 | Buffer overflow in Solaris chkperm command allows local users to gain root access via a long -n option. | |||
| CVE-1999-1592 | 0.00 | — | 0.01 | Dec 31, 1999 | Multiple unspecified vulnerabilities in sendmail 5, as installed on Sun SunOS 4.1.3_U1 and 4.1.4, have unspecified attack vectors and impact. NOTE: this might overlap CVE-1999-0129. | |||
| CVE-1999-1585 | 0.00 | — | 0.00 | Dec 31, 1999 | The (1) rcS and (2) mountall programs in Sun Solaris 2.x, possibly before 2.4, start a privileged shell on the system console if fsck fails while the system is booting, which allows attackers with physical access to gain root privileges. | |||
| CVE-1999-1586 | 0.00 | — | 0.00 | Dec 31, 1999 | loadmodule in SunOS 4.1.x, as used by xnews, does not properly sanitize its environment, which allows local users to gain privileges, a different vulnerability than CVE-1999-1584. | |||
| CVE-1999-1584 | 0.00 | — | 0.01 | Dec 31, 1999 | Unknown vulnerability in (1) loadmodule, and (2) modload if modload is installed with setuid/setgid privileges, in SunOS 4.1.1 through 4.1.3c, and Open Windows 3.0, allows local users to gain root privileges via environment variables, a different vulnerability than CVE-1999-1586. | |||
| CVE-1999-1102 | 0.00 | — | 0.00 | Dec 31, 1999 | lpr on SunOS 4.1.1, BSD 4.3, A/UX 2.0.1, and other BSD-based operating systems allows local users to create or overwrite arbitrary files via a symlink attack that is triggered after invoking lpr 1000 times. | |||
| CVE-2000-0030 | 0.00 | — | 0.01 | Dec 22, 1999 | Solaris dmispd dmi_cmd allows local users to fill up restricted disk space by adding files to the /var/dmi/db database. | |||
| CVE-1999-0974 | 0.00 | — | 0.03 | Dec 9, 1999 | Buffer overflow in Solaris snoop allows remote attackers to gain root privileges via GETQUOTA requests to the rpc.rquotad service. | |||
| CVE-1999-0840 | 0.00 | — | 0.00 | Nov 30, 1999 | Buffer overflow in CDE dtmail and dtmailpr programs allows local users to gain privileges via a long -f option. |
- CVE-2001-1503Dec 31, 2001risk 0.00cvss —epss 0.01
The finger daemon (in.fingerd) in Sun Solaris 2.5 through 8 and SunOS 5.5 through 5.8 allows remote attackers to list all accounts on a host by typing finger 'a b c d e f g h'@host.
- CVE-2001-1555Dec 31, 2001risk 0.00cvss —epss 0.00
pt_chmod in Solaris 8 does not call fdetach to reset terminal privileges when users log out of terminals, which allows local users to write to other users' terminals by modifying the ACL of a TTY.
- CVE-2001-1414Oct 9, 2001risk 0.00cvss —epss 0.02
The Basic Security Module (BSM) for Solaris 2.5.1, 2.6, 7, and 8 does not log anonymous FTP access, which allows remote attackers to hide their activities, possibly when certain BSM audit files are not present under the FTP root.
- CVE-2001-0686Sep 20, 2001risk 0.00cvss —epss 0.00
Buffer overflow in mail included with SunOS 5.8 for x86 allows a local user to gain privileges via a long HOME environment variable.
- CVE-2001-0699Sep 20, 2001risk 0.00cvss —epss 0.00
Buffer overflow in cb_reset in the System Service Processor (SSP) package of SunOS 5.8 allows a local user to execute arbitrary code via a long argument.
- CVE-2001-0353Jul 21, 2001risk 0.00cvss —epss 0.04
Buffer overflow in the line printer daemon (in.lpd) for Solaris 8 and earlier allows local and remote attackers to gain root privileges via a "transfer job" routine.
- CVE-2001-1244Jul 7, 2001risk 0.00cvss —epss 0.35
Multiple TCP implementations could allow remote attackers to cause a denial of service (bandwidth and CPU exhaustion) by setting the maximum segment size (MSS) to a very small number and requesting large amounts of data, which generates more packets with less TCP-level data that…
- CVE-2001-0470Jun 27, 2001risk 0.00cvss —epss 0.00
Buffer overflow in SNMP proxy agent snmpd in Solaris 8 may allow local users to gain root privileges by calling snmpd with a long program name.
- CVE-2001-0269May 3, 2001risk 0.00cvss —epss 0.03
pam_ldap authentication module in Solaris 8 allows remote attackers to bypass authentication via a NULL password.
- CVE-2001-0190Mar 26, 2001risk 0.00cvss —epss 0.00
Buffer overflow in /usr/bin/cu in Solaris 2.8 and earlier, and possibly other operating systems, allows local users to gain privileges by executing cu with a long program name (arg0).
- CVE-2001-0124Mar 12, 2001risk 0.00cvss —epss 0.00
Buffer overflow in exrecover in Solaris 2.6 and earlier possibly allows local users to gain privileges via a long command line argument.
- CVE-2000-0055Jan 6, 2000risk 0.00cvss —epss 0.00
Buffer overflow in Solaris chkperm command allows local users to gain root access via a long -n option.
- CVE-1999-1592Dec 31, 1999risk 0.00cvss —epss 0.01
Multiple unspecified vulnerabilities in sendmail 5, as installed on Sun SunOS 4.1.3_U1 and 4.1.4, have unspecified attack vectors and impact. NOTE: this might overlap CVE-1999-0129.
- CVE-1999-1585Dec 31, 1999risk 0.00cvss —epss 0.00
The (1) rcS and (2) mountall programs in Sun Solaris 2.x, possibly before 2.4, start a privileged shell on the system console if fsck fails while the system is booting, which allows attackers with physical access to gain root privileges.
- CVE-1999-1586Dec 31, 1999risk 0.00cvss —epss 0.00
loadmodule in SunOS 4.1.x, as used by xnews, does not properly sanitize its environment, which allows local users to gain privileges, a different vulnerability than CVE-1999-1584.
- CVE-1999-1584Dec 31, 1999risk 0.00cvss —epss 0.01
Unknown vulnerability in (1) loadmodule, and (2) modload if modload is installed with setuid/setgid privileges, in SunOS 4.1.1 through 4.1.3c, and Open Windows 3.0, allows local users to gain root privileges via environment variables, a different vulnerability than CVE-1999-1586.
- CVE-1999-1102Dec 31, 1999risk 0.00cvss —epss 0.00
lpr on SunOS 4.1.1, BSD 4.3, A/UX 2.0.1, and other BSD-based operating systems allows local users to create or overwrite arbitrary files via a symlink attack that is triggered after invoking lpr 1000 times.
- CVE-2000-0030Dec 22, 1999risk 0.00cvss —epss 0.01
Solaris dmispd dmi_cmd allows local users to fill up restricted disk space by adding files to the /var/dmi/db database.
- CVE-1999-0974Dec 9, 1999risk 0.00cvss —epss 0.03
Buffer overflow in Solaris snoop allows remote attackers to gain root privileges via GETQUOTA requests to the rpc.rquotad service.
- CVE-1999-0840Nov 30, 1999risk 0.00cvss —epss 0.00
Buffer overflow in CDE dtmail and dtmailpr programs allows local users to gain privileges via a long -f option.
Page 24 of 29