Summary
| Detail | |||
|---|---|---|---|
| Vendor | Sun | First view | 2006-07-21 |
| Product | Sunos | Last view | 2015-01-21 |
| Version | 5.10 | Type | Os |
| Update | * | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:o:sun:sunos | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 1.9 | 2015-01-21 | CVE-2015-0430 | Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect confidentiality via vectors related to RPC Utility. |
| 3.3 | 2015-01-21 | CVE-2015-0429 | Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect integrity and availability via vectors related to RPC Utility. |
| 4.9 | 2015-01-21 | CVE-2015-0428 | Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect availability via unknown vectors related to Resource Control. |
| 5 | 2015-01-21 | CVE-2015-0375 | Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows remote attackers to affect confidentiality via unknown vectors related to Network. |
| 5 | 2015-01-21 | CVE-2014-6575 | Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows remote attackers to affect availability via unknown vectors related to Network, a different vulnerability than CVE-2004-0230. |
| 7.2 | 2015-01-21 | CVE-2014-6524 | Unspecified vulnerability in Oracle Solaris 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Kernel. |
| 7.2 | 2015-01-21 | CVE-2014-6521 | Unspecified vulnerability in Oracle Solaris 10 allows local users to affect confidentiality, integrity, and availability via vectors related to CDE - Power Management Utility. |
| 6.6 | 2015-01-21 | CVE-2014-6518 | Unspecified vulnerability in Oracle Solaris 10 and 11 allows local users to affect integrity and availability via vectors related to Unix File System (UFS). |
| 4.9 | 2015-01-21 | CVE-2014-6509 | Unspecified vulnerability in Oracle Solaris 10 allows local users to affect availability via unknown vectors related to Kernel. |
| 4.3 | 2015-01-21 | CVE-2014-6481 | Unspecified vulnerability in Oracle Solaris 10 and 11 allows remote attackers to affect confidentiality via vectors related to KSSL. |
| 7.8 | 2014-10-15 | CVE-2014-6508 | Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows remote attackers to affect availability via vectors related to iSCSI Data Mover (IDM). |
| 7.2 | 2014-10-15 | CVE-2014-6473 | Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Zone Framework. |
| 4 | 2014-07-17 | CVE-2014-4239 | Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11.1 allows remote authenticated users to affect confidentiality via unknown vectors related to Common Agent Container (Cacao). |
| 6.9 | 2014-07-17 | CVE-2014-4225 | Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Patch installation scripts. |
| 4.9 | 2014-07-17 | CVE-2014-4224 | Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11.1 allows local users to affect availability via unknown vectors related to sockfs. |
| 4.9 | 2014-07-17 | CVE-2014-4215 | Unspecified vulnerability in Oracle Solaris 10 and 11.1 allows local users to affect availability via vectors related to CPU performance counters (CPC) drivers, a different vulnerability than CVE-2013-5862. |
| 4.9 | 2014-04-15 | CVE-2014-0447 | Unspecified vulnerability in Oracle Solaris 10 and 11.1 allows local users to affect availability via unknown vectors related to Kernel, a different vulnerability than CVE-2013-5876. |
| 4.6 | 2014-04-15 | CVE-2014-0442 | Unspecified vulnerability in Oracle Solaris 9, 10, and 11.1 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Print Filter Utility. |
| 4.3 | 2014-01-15 | CVE-2014-0390 | Unspecified vulnerability in Oracle Solaris 10 allows remote attackers to affect integrity via unknown vectors related to Java Web Console. |
| 4.9 | 2014-01-15 | CVE-2013-5876 | Unspecified vulnerability in Oracle Solaris 10 and 11.1 allows local users to affect availability via unknown vectors related to Kernel, a different vulnerability than CVE-2014-0447. |
| 2.1 | 2014-01-15 | CVE-2013-5872 | Unspecified vulnerability in Oracle Solaris 10 and 11.1 allows local users to affect availability via vectors related to Name Service Cache Daemon (NSCD). |
| 4.6 | 2014-01-15 | CVE-2013-5821 | Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11.1 allows local users to affect confidentiality, integrity, and availability via vectors related to RPC. |
| 4.9 | 2013-10-16 | CVE-2013-5864 | Unspecified vulnerability in Oracle Solaris 10 and 11.1 allows local users to affect availability via vectors related to USB hub driver. |
| 4.9 | 2013-10-16 | CVE-2013-5862 | Unspecified vulnerability in Oracle Solaris 10 and 11.1 allows local users to affect availability via vectors related to CPU performance counters (CPC) drivers, a different vulnerability than CVE-2014-4215. |
| 4.3 | 2013-10-16 | CVE-2013-5839 | Unspecified vulnerability in Oracle Solaris 10 allows remote attackers to affect integrity via unknown vectors related to Oracle Java Web Console. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 27% (5) | CWE-264 | Permissions, Privileges, and Access Controls |
| 16% (3) | CWE-16 | Configuration |
| 11% (2) | CWE-399 | Resource Management Errors |
| 11% (2) | CWE-189 | Numeric Errors |
| 11% (2) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
| 5% (1) | CWE-362 | Race Condition |
| 5% (1) | CWE-255 | Credentials Management |
| 5% (1) | CWE-134 | Uncontrolled Format String |
| 5% (1) | CWE-88 | Argument Injection or Modification |
CAPEC : Common Attack Pattern Enumeration & Classification
| id | Name |
|---|---|
| CAPEC-2 | Inducing Account Lockout |
| CAPEC-41 | Using Meta-characters in E-mail Headers to Inject Malicious Payloads |
| CAPEC-82 | Violating Implicit Assumptions Regarding XML Content (aka XML Denial of Servi... |
| CAPEC-88 | OS Command Injection |
| CAPEC-133 | Try All Common Application Switches and Options |
| CAPEC-147 | XML Ping of Death |
| CAPEC-228 | Resource Depletion through DTD Injection in a SOAP Message |
SAINT Exploits
| Description | Link |
|---|---|
| Solaris telnetd authentication bypass | More info here |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 78427 | Oracle Solaris Kernel Component Unspecified Local DoS (2012-0098) |
| 78425 | Oracle Solaris sshd Component Unspecified Remote DoS |
| 78424 | Oracle Solaris TCP/IP Component Unspecified Local Issue |
| 78422 | Oracle Solaris Network Component Unspecified Remote DoS |
| 78421 | Oracle Solaris Kerberos Component Unspecified Local Privilege Escalation |
| 78420 | Oracle Solaris TCP/IP Component Unspecified Remote DoS |
| 76474 | Oracle Solaris Kernel/Performance Counter BackEnd Module (pcbe) Component Uns... |
| 76468 | Oracle Solaris Process File System (procfs) Component Unspecified Local Issue |
| 76467 | Oracle Solaris LDAP Library Component Unspecified Remote Issue |
| 76466 | Oracle Solaris ZFS Component Unspecified Local DoS (2011-2313) |
| 73968 | Oracle Solaris Trusted Extensions Unspecified Local Information Disclosure |
| 73967 | Oracle Solaris LiveUpgrade Unspecified Local Issue |
| 73966 | Oracle Solaris rksh Unspecified Local Issue |
| 73965 | Oracle Solaris Driver/USB Unspecified Local DoS |
| 73963 | Oracle Solaris UFS Unspecified Local DoS |
| 73962 | Oracle Solaris Kernel/sockfs Unspecified Local DoS |
| 73960 | Oracle Solaris KSSL Unspecified Remote DoS |
| 73959 | Oracle Solaris SSH Unspecified Remote DoS |
| 73958 | Oracle Solaris TCP/IP Unspecified Remote DoS |
| 73957 | Oracle Solaris Installer Unspecified Local Issue |
| 73955 | Oracle Solaris fingerd Unspecified Remote DoS |
| 71943 | Oracle Solaris LOFS Unspecified Local DoS |
| 71942 | Oracle Solaris Kernel/SPARC Unspecified Local DoS |
| 71941 | Oracle Solaris uucp Unspecified Local Issue |
| 71940 | Oracle Solaris Kernel Unspecified Remote DoS |
ExploitDB Exploits
| id | Description |
|---|---|
| 24450 | FreeBSD 9.1 ftpd Remote Denial of Service |
| 16137 | Multiple Vendor Calendar Manager Remote Code Execution |
| 15215 | Multiple Vendors libc/glob(3) Resource Exhaustion (+0day remote ftpd-anon) |
| 5227 | Solaris 8/9/10 - fifofs I_PEEK Local Kernel Memory Leak Exploit |
OpenVAS Exploits
| id | Description |
|---|---|
| 2012-12-18 | Name : Fedora Update for xen FEDORA-2012-19828 File : nvt/gb_fedora_2012_19828_xen_fc16.nasl |
| 2012-12-14 | Name : Fedora Update for xen FEDORA-2012-19717 File : nvt/gb_fedora_2012_19717_xen_fc17.nasl |
| 2012-12-13 | Name : SuSE Update for xen openSUSE-SU-2012:0886-1 (xen) File : nvt/gb_suse_2012_0886_1.nasl |
| 2012-11-23 | Name : Fedora Update for xen FEDORA-2012-18249 File : nvt/gb_fedora_2012_18249_xen_fc16.nasl |
| 2012-11-23 | Name : Fedora Update for xen FEDORA-2012-18242 File : nvt/gb_fedora_2012_18242_xen_fc17.nasl |
| 2012-11-15 | Name : Fedora Update for xen FEDORA-2012-17204 File : nvt/gb_fedora_2012_17204_xen_fc17.nasl |
| 2012-11-15 | Name : Fedora Update for xen FEDORA-2012-17408 File : nvt/gb_fedora_2012_17408_xen_fc16.nasl |
| 2012-09-22 | Name : Fedora Update for xen FEDORA-2012-13434 File : nvt/gb_fedora_2012_13434_xen_fc17.nasl |
| 2012-09-22 | Name : Fedora Update for xen FEDORA-2012-13443 File : nvt/gb_fedora_2012_13443_xen_fc16.nasl |
| 2012-08-30 | Name : Fedora Update for xen FEDORA-2012-9386 File : nvt/gb_fedora_2012_9386_xen_fc17.nasl |
| 2012-08-30 | Name : Fedora Update for xen FEDORA-2012-11182 File : nvt/gb_fedora_2012_11182_xen_fc17.nasl |
| 2012-08-30 | Name : Fedora Update for xen FEDORA-2012-11755 File : nvt/gb_fedora_2012_11755_xen_fc17.nasl |
| 2012-08-24 | Name : Fedora Update for xen FEDORA-2012-11785 File : nvt/gb_fedora_2012_11785_xen_fc16.nasl |
| 2012-08-10 | Name : Debian Security Advisory DSA 2501-1 (xen) File : nvt/deb_2501_1.nasl |
| 2012-08-10 | Name : FreeBSD Ports: FreeBSD File : nvt/freebsd_FreeBSD16.nasl |
| 2012-08-10 | Name : Debian Security Advisory DSA 2508-1 (kfreebsd-8) File : nvt/deb_2508_1.nasl |
| 2012-08-06 | Name : Fedora Update for xen FEDORA-2012-11190 File : nvt/gb_fedora_2012_11190_xen_fc16.nasl |
| 2012-07-30 | Name : CentOS Update for kernel CESA-2012:0721 centos5 File : nvt/gb_CESA-2012_0721_kernel_centos5.nasl |
| 2012-06-28 | Name : Fedora Update for xen FEDORA-2012-9399 File : nvt/gb_fedora_2012_9399_xen_fc16.nasl |
| 2012-06-28 | Name : Fedora Update for xen FEDORA-2012-9430 File : nvt/gb_fedora_2012_9430_xen_fc15.nasl |
| 2012-06-15 | Name : RedHat Update for kernel RHSA-2012:0721-01 File : nvt/gb_RHSA-2012_0721-01_kernel.nasl |
| 2012-06-13 | Name : Microsoft Windows Kernel Privilege Elevation Vulnerabilities (2711167) File : nvt/secpod_ms12-042.nasl |
| 2011-08-19 | Name : Mac OS X v10.6.8 Multiple Vulnerabilities (2011-004) File : nvt/secpod_macosx_su11-004.nasl |
| 2011-03-24 | Name : Mandriva Update for vsftpd MDVSA-2011:049 (vsftpd) File : nvt/gb_mandriva_MDVSA_2011_049.nasl |
| 2011-02-28 | Name : HP-UX Update for CDE Calendar Manager HPSBUX02628 File : nvt/gb_hp_ux_HPSBUX02628.nasl |
Information Assurance Vulnerability Management (IAVM)
| id | Description |
|---|---|
| 2014-A-0107 | Multiple Vulnerabilities in Oracle & Sun Systems Products Suite Severity: Category I - VMSKEY: V0053187 |
| 2014-A-0058 | Multiple Vulnerabilities in Oracle & Sun Systems Product Suite Severity: Category I - VMSKEY: V0049579 |
| 2014-A-0012 | Multiple Vulnerabilities in Oracle & Sun Systems Product Suite Severity: Category I - VMSKEY: V0043396 |
| 2013-A-0195 | Multiple Vulnerabilities in Oracle & Sun Systems Product Suite Severity: Category I - VMSKEY: V0040781 |
| 2013-A-0194 | Multiple Vulnerabilities in Juniper Networks JUNOS Severity: Category I - VMSKEY: V0040788 |
| 2011-B-0026 | HP-UX Remote Code Execution Vulnerability Severity: Category I - VMSKEY: V0026084 |
| 2008-T-0043 | Multiple Sun Solaris snoop Vulnerabilities Severity: Category II - VMSKEY: V0017141 |
| 2008-T-0029 | Sun Solaris Unspecified Remote Denial of Service Vulnerability Severity: Category II - VMSKEY: V0016060 |
| 2008-T-0022 | Sun Solaris TCP Implementation SYN Flood Denial of Service Severity: Category I - VMSKEY: V0016026 |
| 2008-T-0021 | Sun Solaris Print Service Unspecified Remote Code Execution Vulnerability Severity: Category I - VMSKEY: V0016018 |
| 2008-A-0025 | Sun SPARC Enterprise T5120 and T5220 Default Configuration Root Command Execu... Severity: Category I - VMSKEY: V0015977 |
| 2007-B-0006 | Sun Solaris Telnet Remote Authentication Bypass Vulnerability Severity: Category I - VMSKEY: V0013607 |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2014-01-10 | CDE Calendar Manager service memory corruption attempt RuleID : 19173 - Type : PROTOCOL-RPC - Revision : 10 |
| 2014-01-10 | Oracle Solaris login environment variable authentication bypass attempt RuleID : 10136 - Type : OS-SOLARIS - Revision : 11 |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2015-01-23 | Name: The remote Solaris system is missing a security patch from CPU jan2015. File: solaris_jan2015_SRU10_5a.nasl - Type: ACT_GATHER_INFO |
| 2015-01-23 | Name: The remote Solaris system is missing a security patch from CPU jan2015. File: solaris_jan2015_SRU11_1_11_4_0.nasl - Type: ACT_GATHER_INFO |
| 2015-01-23 | Name: The remote Solaris system is missing a security patch from CPU jan2015. File: solaris_jan2015_SRU11_1_15_4_0.nasl - Type: ACT_GATHER_INFO |
| 2015-01-23 | Name: The remote Solaris system is missing a security patch from CPU jan2015. File: solaris_jan2015_SRU11_1_16_5_0.nasl - Type: ACT_GATHER_INFO |
| 2015-01-23 | Name: The remote Solaris system is missing a security patch from CPU jan2015. File: solaris_jan2015_SRU11_2_6_4_0.nasl - Type: ACT_GATHER_INFO |
| 2015-01-23 | Name: The remote Solaris system is missing a security patch from CPU jan2015. File: solaris_jan2015_SRU9_5.nasl - Type: ACT_GATHER_INFO |
| 2014-11-26 | Name: The remote OracleVM host is missing one or more security updates. File: oraclevm_OVMSA-2012-0020.nasl - Type: ACT_GATHER_INFO |
| 2014-11-26 | Name: The remote OracleVM host is missing one or more security updates. File: oraclevm_OVMSA-2012-0021.nasl - Type: ACT_GATHER_INFO |
| 2014-11-26 | Name: The remote OracleVM host is missing one or more security updates. File: oraclevm_OVMSA-2012-0022.nasl - Type: ACT_GATHER_INFO |
| 2014-10-15 | Name: The remote Solaris system is missing a security patch from CPU oct2014. File: solaris_oct2014_11_2SRU0.nasl - Type: ACT_GATHER_INFO |
| 2014-10-15 | Name: The remote Solaris system is missing a security patch from CPU oct2014. File: solaris_oct2014_SRU11_1_20_5_0.nasl - Type: ACT_GATHER_INFO |
| 2014-09-17 | Name: The remote host is missing Sun Security Patch number 150312-06 File: solaris10_150312.nasl - Type: ACT_GATHER_INFO |
| 2014-09-17 | Name: The remote host is missing Sun Security Patch number 150313-06 File: solaris10_x86_150313.nasl - Type: ACT_GATHER_INFO |
| 2014-07-26 | Name: The remote Solaris system is missing a security patch from CPU apr2012. File: solaris_apr2012_SRU3.nasl - Type: ACT_GATHER_INFO |
| 2014-07-26 | Name: The remote Solaris system is missing a security patch from CPU apr2012. File: solaris_apr2012_SRU4.nasl - Type: ACT_GATHER_INFO |
| 2014-07-26 | Name: The remote Solaris system is missing a security patch from CPU apr2013. File: solaris_apr2013_SRU0.nasl - Type: ACT_GATHER_INFO |
| 2014-07-26 | Name: The remote Solaris system is missing a security patch from CPU apr2013. File: solaris_apr2013_SRU3.nasl - Type: ACT_GATHER_INFO |
| 2014-07-26 | Name: The remote Solaris system is missing a security patch from CPU apr2013. File: solaris_apr2013_SRU4a.nasl - Type: ACT_GATHER_INFO |
| 2014-07-26 | Name: The remote Solaris system is missing a security patch from CPU apr2013. File: solaris_apr2013_SRU5.nasl - Type: ACT_GATHER_INFO |
| 2014-07-26 | Name: The remote Solaris system is missing a security patch from CPU apr2013. File: solaris_apr2013_SRU5_5.nasl - Type: ACT_GATHER_INFO |
| 2014-07-26 | Name: The remote Solaris system is missing a security patch from CPU apr2014. File: solaris_apr2014_SRU11_1_17_5_0.nasl - Type: ACT_GATHER_INFO |
| 2014-07-26 | Name: The remote Solaris system is missing a security patch from CPU jan2013. File: solaris_jan2013_SRU12_4.nasl - Type: ACT_GATHER_INFO |
| 2014-07-26 | Name: The remote Solaris system is missing a security patch from CPU jan2014. File: solaris_jan2014_SRU11_1_13_6_0.nasl - Type: ACT_GATHER_INFO |
| 2014-07-26 | Name: The remote Solaris system is missing a security patch from CPU jan2014. File: solaris_jan2014_SRU11_1_16_5_0.nasl - Type: ACT_GATHER_INFO |
| 2014-07-26 | Name: The remote Solaris system is missing a security patch from CPU jan2014. File: solaris_jan2014_SRU1_4.nasl - Type: ACT_GATHER_INFO |
