VYPR

Sunos

by Sun Corporation

CVEs (563)

  • CVE-2001-0595Aug 2, 2001
    risk 0.03cvss epss 0.01

    Buffer overflow in the kcsSUNWIOsolf.so library in Solaris 7 and 8 allows local attackers to execute arbitrary commands via the KCMS_PROFILES environment variable, e.g. as demonstrated using the kcms_configure program.

  • CVE-2001-0594Aug 2, 2001
    risk 0.03cvss epss 0.01

    kcms_configure as included with Solaris 7 and 8 allows a local attacker to gain additional privileges via a buffer overflow in a command line argument.

  • CVE-2001-1076Jul 5, 2001
    risk 0.03cvss epss 0.01

    Buffer overflow in whodo in Solaris SunOS 5.5.1 through 5.8 allows local users to execute arbitrary code via a long (1) SOR or (2) CFIME environment variable.

  • CVE-2001-0421Jul 2, 2001
    risk 0.03cvss epss 0.06

    FTP server in Solaris 8 and earlier allows local and remote attackers to cause a core dump in the root directory, possibly with world-readable permissions, by providing a valid username with an invalid password followed by a CWD ~ command, which could release sensitive…

  • CVE-2001-0426Jul 2, 2001
    risk 0.03cvss epss 0.01

    Buffer overflow in dtsession on Solaris, and possibly other operating systems, allows local users to gain privileges via a long LANG environmental variable.

  • CVE-2001-0422Jul 2, 2001
    risk 0.03cvss epss 0.01

    Buffer overflow in Xsun in Solaris 8 and earlier allows local users to execute arbitrary commands via a long HOME environmental variable.

  • CVE-2001-0401Jun 18, 2001
    risk 0.03cvss epss 0.01

    Buffer overflow in tip in Solaris 8 and earlier allows local users to execute arbitrary commands via a long HOME environmental variable.

  • CVE-2001-0403Jun 18, 2001
    risk 0.03cvss epss 0.01

    /opt/JSparm/bin/perfmon program in Solaris allows local users to create arbitrary files as root via the Logging File option in the GUI.

  • CVE-2001-0165May 3, 2001
    risk 0.03cvss epss 0.01

    Buffer overflow in ximp40 shared library in Solaris 7 and Solaris 8 allows local users to gain privileges via a long "arg0" (process name) argument.

  • CVE-2001-0115Mar 12, 2001
    risk 0.03cvss epss 0.01

    Buffer overflow in arp command in Solaris 7 and earlier allows local users to execute arbitrary commands via a long -f parameter.

  • CVE-2001-0059Feb 12, 2001
    risk 0.03cvss epss 0.01

    patchadd in Solaris allows local users to overwrite arbitrary files via a symlink attack.

  • CVE-2001-0095Feb 12, 2001
    risk 0.03cvss epss 0.01

    catman in Solaris 2.7 and 2.8 allows local users to overwrite arbitrary files via a symlink attack on the sman_PID temporary file.

  • CVE-2000-0949Dec 19, 2000
    risk 0.03cvss epss 0.01

    Heap overflow in savestr function in LBNL traceroute 1.4a5 and earlier allows a local user to execute arbitrary commands via the -g option.

  • CVE-2000-0471Jun 14, 2000
    risk 0.03cvss epss 0.01

    Buffer overflow in ufsrestore in Solaris 8 and earlier allows local users to gain root privileges via a long pathname.

  • CVE-2000-0407May 12, 2000
    risk 0.03cvss epss 0.01

    Buffer overflow in Solaris netpr program allows local users to execute arbitrary commands via a long -p option.

  • CVE-2000-0337Apr 24, 2000
    risk 0.03cvss epss 0.01

    Buffer overflow in Xsun X server in Solaris 7 allows local users to gain root privileges via a long -dev parameter.

  • CVE-2000-0316Apr 24, 2000
    risk 0.03cvss epss 0.01

    Buffer overflow in Solaris 7 lp allows local users to gain root privileges via a long -d option.

  • CVE-2000-0317Apr 24, 2000
    risk 0.03cvss epss 0.01

    Buffer overflow in Solaris 7 lpset allows local users to gain root privileges via a long -r option.

  • CVE-1999-1587Dec 31, 1999
    risk 0.03cvss epss 0.01

    /usr/ucb/ps in Sun Microsystems Solaris 8 and 9, and certain earlier releases, allows local users to view the environment variables and values of arbitrary processes via the -e option.

  • CVE-2000-0032Dec 22, 1999
    risk 0.03cvss epss 0.03

    Solaris dmi_cmd allows local users to crash the dmispd daemon by adding a malformed file to the /var/dmi/db database.

Page 4 of 29