Sunos
CVEs (563)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-1999-0848 | 0.04 | — | 0.06 | Nov 10, 1999 | Denial of service in BIND named via consuming more than "fdmax" file descriptors. | |||
| CVE-1999-0875 | 0.04 | — | 0.18 | Aug 11, 1999 | DHCP clients with ICMP Router Discovery Protocol (IRDP) enabled allow remote attackers to modify their default routes. | |||
| CVE-1999-0696 | 0.04 | — | 0.12 | Jul 1, 1999 | Buffer overflow in CDE Calendar Manager Service Daemon (rpc.cmsd). | |||
| CVE-1999-0009 | 0.04 | — | 0.29 | Apr 8, 1998 | Inverse query buffer overflow in BIND 4.9 and BIND 8 Releases. | |||
| CVE-1999-0018 | 0.04 | — | 0.10 | Dec 5, 1997 | Buffer overflow in statd allows root privileges. | |||
| CVE-2008-1480 | 0.03 | — | 0.06 | Mar 24, 2008 | rpc.metad in Sun Solaris 10 allows remote attackers to cause a denial of service (daemon crash) via a malformed RPC request. | |||
| CVE-2007-5225 | 0.03 | — | 0.01 | Oct 5, 2007 | Integer signedness error in FIFO filesystems (named pipes) on Sun Solaris 8 through 10 allows local users to read the contents of unspecified memory locations via a negative maximum length value to the I_PEEK ioctl. | |||
| CVE-2005-2072 | 0.03 | — | 0.01 | Jun 29, 2005 | The runtime linker (ld.so) in Solaris 8, 9, and 10 trusts the LD_AUDIT environment variable in setuid or setgid programs, which allows local users to gain privileges by (1) modifying LD_AUDIT to reference malicious code and possibly (2) using a long value for LD_AUDIT. | |||
| CVE-2004-2686 | 0.03 | — | 0.01 | Dec 31, 2004 | Directory traversal vulnerability in the vfs_getvfssw function in Solaris 2.6, 7, 8, and 9 allows local users to load arbitrary kernel modules via crafted (1) mount or (2) sysfs system calls. NOTE: this might be the same issue as CVE-2004-1767, but there are insufficient… | |||
| CVE-2004-0360 | 0.03 | — | 0.01 | Nov 23, 2004 | Unknown vulnerability in passwd(1) in Solaris 8.0 and 9.0 allows local users to gain privileges via unknown attack vectors. | |||
| CVE-2003-1073 | 0.03 | — | 0.01 | Dec 31, 2003 | A race condition in the at command for Solaris 2.6 through 9 allows local users to delete arbitrary files via the -r argument with .. (dot dot) sequences in the job name, then modifying the directory structure after at checks permissions to delete the file and before the… | |||
| CVE-2003-0609 | 0.03 | — | 0.04 | Aug 27, 2003 | Stack-based buffer overflow in the runtime linker, ld.so.1, on Solaris 2.6 through 9 allows local users to gain root privileges via a long LD_PRELOAD environment variable. | |||
| CVE-2003-1055 | 0.03 | — | 0.01 | Jul 3, 2003 | Buffer overflow in the nss_ldap.so.1 library for Sun Solaris 8 and 9 may allow local users to gain root access via a long hostname in an LDAP lookup. | |||
| CVE-2003-1071 | 0.03 | — | 0.01 | Jan 3, 2003 | rpc.walld (wall daemon) for Solaris 2.6 through 9 allows local users to send messages to logged on users that appear to come from arbitrary user IDs by closing stderr before executing wall, then supplying a spoofed from header. | |||
| CVE-2002-0572 | 0.03 | — | 0.02 | Jul 3, 2002 | FreeBSD 4.5 and earlier, and possibly other BSD-based operating systems, allows local users to write to or read from restricted files by closing the file descriptors 0 (standard input), 1 (standard output), or 2 (standard error), which may then be reused by a called setuid… | |||
| CVE-2002-0158 | 0.03 | — | 0.01 | Apr 2, 2002 | Buffer overflow in Xsun on Solaris 2.6 through 8 allows local users to gain root privileges via a long -co (color database) command line argument. | |||
| CVE-2001-1582 | 0.03 | — | 0.01 | Dec 31, 2001 | Buffer overflow in the LDAP naming services library (libsldap) in Sun Solaris 8 allows local users to execute arbitrary code via a long LDAP_OPTIONS environment variable to a privileged program that uses libsldap. | |||
| CVE-2001-0652 | 0.03 | — | 0.01 | Oct 30, 2001 | Heap overflow in xlock in Solaris 2.6 through 8 allows local users to gain root privileges via a long (1) XFILESEARCHPATH or (2) XUSERFILESEARCHPATH environmental variable. | |||
| CVE-2001-0548 | 0.03 | — | 0.01 | Aug 14, 2001 | Buffer overflow in dtmail in Solaris 2.6 and 7 allows local users to gain privileges via the MAIL environment variable. | |||
| CVE-2001-0565 | 0.03 | — | 0.01 | Aug 14, 2001 | Buffer overflow in mailx in Solaris 8 and earlier allows a local attacker to gain additional privileges via a long '-F' command line option. |
- CVE-1999-0848Nov 10, 1999risk 0.04cvss —epss 0.06
Denial of service in BIND named via consuming more than "fdmax" file descriptors.
- CVE-1999-0875Aug 11, 1999risk 0.04cvss —epss 0.18
DHCP clients with ICMP Router Discovery Protocol (IRDP) enabled allow remote attackers to modify their default routes.
- CVE-1999-0696Jul 1, 1999risk 0.04cvss —epss 0.12
Buffer overflow in CDE Calendar Manager Service Daemon (rpc.cmsd).
- CVE-1999-0009Apr 8, 1998risk 0.04cvss —epss 0.29
Inverse query buffer overflow in BIND 4.9 and BIND 8 Releases.
- CVE-1999-0018Dec 5, 1997risk 0.04cvss —epss 0.10
Buffer overflow in statd allows root privileges.
- CVE-2008-1480Mar 24, 2008risk 0.03cvss —epss 0.06
rpc.metad in Sun Solaris 10 allows remote attackers to cause a denial of service (daemon crash) via a malformed RPC request.
- CVE-2007-5225Oct 5, 2007risk 0.03cvss —epss 0.01
Integer signedness error in FIFO filesystems (named pipes) on Sun Solaris 8 through 10 allows local users to read the contents of unspecified memory locations via a negative maximum length value to the I_PEEK ioctl.
- CVE-2005-2072Jun 29, 2005risk 0.03cvss —epss 0.01
The runtime linker (ld.so) in Solaris 8, 9, and 10 trusts the LD_AUDIT environment variable in setuid or setgid programs, which allows local users to gain privileges by (1) modifying LD_AUDIT to reference malicious code and possibly (2) using a long value for LD_AUDIT.
- CVE-2004-2686Dec 31, 2004risk 0.03cvss —epss 0.01
Directory traversal vulnerability in the vfs_getvfssw function in Solaris 2.6, 7, 8, and 9 allows local users to load arbitrary kernel modules via crafted (1) mount or (2) sysfs system calls. NOTE: this might be the same issue as CVE-2004-1767, but there are insufficient…
- CVE-2004-0360Nov 23, 2004risk 0.03cvss —epss 0.01
Unknown vulnerability in passwd(1) in Solaris 8.0 and 9.0 allows local users to gain privileges via unknown attack vectors.
- CVE-2003-1073Dec 31, 2003risk 0.03cvss —epss 0.01
A race condition in the at command for Solaris 2.6 through 9 allows local users to delete arbitrary files via the -r argument with .. (dot dot) sequences in the job name, then modifying the directory structure after at checks permissions to delete the file and before the…
- CVE-2003-0609Aug 27, 2003risk 0.03cvss —epss 0.04
Stack-based buffer overflow in the runtime linker, ld.so.1, on Solaris 2.6 through 9 allows local users to gain root privileges via a long LD_PRELOAD environment variable.
- CVE-2003-1055Jul 3, 2003risk 0.03cvss —epss 0.01
Buffer overflow in the nss_ldap.so.1 library for Sun Solaris 8 and 9 may allow local users to gain root access via a long hostname in an LDAP lookup.
- CVE-2003-1071Jan 3, 2003risk 0.03cvss —epss 0.01
rpc.walld (wall daemon) for Solaris 2.6 through 9 allows local users to send messages to logged on users that appear to come from arbitrary user IDs by closing stderr before executing wall, then supplying a spoofed from header.
- CVE-2002-0572Jul 3, 2002risk 0.03cvss —epss 0.02
FreeBSD 4.5 and earlier, and possibly other BSD-based operating systems, allows local users to write to or read from restricted files by closing the file descriptors 0 (standard input), 1 (standard output), or 2 (standard error), which may then be reused by a called setuid…
- CVE-2002-0158Apr 2, 2002risk 0.03cvss —epss 0.01
Buffer overflow in Xsun on Solaris 2.6 through 8 allows local users to gain root privileges via a long -co (color database) command line argument.
- CVE-2001-1582Dec 31, 2001risk 0.03cvss —epss 0.01
Buffer overflow in the LDAP naming services library (libsldap) in Sun Solaris 8 allows local users to execute arbitrary code via a long LDAP_OPTIONS environment variable to a privileged program that uses libsldap.
- CVE-2001-0652Oct 30, 2001risk 0.03cvss —epss 0.01
Heap overflow in xlock in Solaris 2.6 through 8 allows local users to gain root privileges via a long (1) XFILESEARCHPATH or (2) XUSERFILESEARCHPATH environmental variable.
- CVE-2001-0548Aug 14, 2001risk 0.03cvss —epss 0.01
Buffer overflow in dtmail in Solaris 2.6 and 7 allows local users to gain privileges via the MAIL environment variable.
- CVE-2001-0565Aug 14, 2001risk 0.03cvss —epss 0.01
Buffer overflow in mailx in Solaris 8 and earlier allows a local attacker to gain additional privileges via a long '-F' command line option.
Page 3 of 29