This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Sun First view 2008-06-16
Product Opensolaris Last view 2010-02-05
Version snv_119 Type Os
Update *  
Edition sparc  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:o:sun:opensolaris

Activity : Overall

Related : CVE

  Date Alert Description
7.5 2010-02-05 CVE-2010-0559

The default configuration of Oracle OpenSolaris snv_91 through snv_131 allows attackers to have an unspecified impact via vectors related to using kclient to join a Windows Active Directory domain.

7.5 2010-02-05 CVE-2010-0558

The default configuration of Oracle OpenSolaris snv_77 through snv_131 allows attackers to have an unspecified impact via vectors related to using smbadm to join a Windows Active Directory domain.

4.6 2010-01-08 CVE-2010-0271

hald in Sun OpenSolaris snv_51 through snv_130 does not have the proc_audit privilege during unspecified attempts to write to the auditing log, which makes it easier for physically proximate attackers to avoid detection of changes to the set of connected hardware devices supporting the Hardware Abstraction Layer (HAL) specification.

7.1 2009-12-08 CVE-2009-4226

Race condition in the IP module in the kernel in Sun OpenSolaris snv_106 through snv_124 allows remote attackers to cause a denial of service (NULL pointer dereference and panic) via unspecified vectors related to the (1) tcp_do_getsockname or (2) tcp_do_getpeername function.

5 2009-11-25 CVE-2009-4075

Unspecified vulnerability in the timeout mechanism in sshd in Sun Solaris 10, and OpenSolaris snv_99 through snv_123, allows remote attackers to cause a denial of service (daemon outage) via unknown vectors that trigger a "dangling sshd authentication thread."

6.8 2009-11-02 CVE-2009-3839

Unspecified vulnerability in the Solaris Trusted Extensions Policy configuration in Sun Solaris 10, and OpenSolaris snv_37 through snv_125, might allow remote attackers to execute arbitrary code by leveraging access to the X server.

7.2 2009-09-14 CVE-2009-3183

Heap-based buffer overflow in w in Sun Solaris 8 through 10, and OpenSolaris before snv_124, allows local users to gain privileges via unspecified vectors.

7.1 2009-09-10 CVE-2009-3164

Unspecified vulnerability in the IPv6 networking stack in Sun Solaris 10, and OpenSolaris snv_01 through snv_82 and snv_111 through snv_122, when a Cassini GigaSwift Ethernet Adapter (aka CE) interface is used, allows remote attackers to cause a denial of service (panic) via vectors involving jumbo frames. NOTE: this issue exists because of an incomplete fix for CVE-2009-2136.

4.9 2009-09-08 CVE-2009-3101

xscreensaver (aka Gnome-XScreenSaver) in Sun Solaris 10, and OpenSolaris snv_109 through snv_122, does not properly handle Trusted Extensions, which allows local users to cause a denial of service (CPU consumption and console hang) by locking the screen, related to a regression in certain Solaris and OpenSolaris patches.

4 2009-09-08 CVE-2009-3100

xscreensaver (aka Gnome-XScreenSaver) in Sun Solaris 9 and 10, OpenSolaris snv_109 through snv_122, and X11 6.4.1 on Solaris 8 does not properly handle Accessibility support, which allows local users to cause a denial of service (system hang) by locking the screen and then attempting to launch an Accessibility pop-up window, related to a regression in certain Solaris and OpenSolaris patches.

7.1 2009-08-28 CVE-2009-3000

The sockfs module in the kernel in Sun Solaris 10 and OpenSolaris snv_41 through snv_122, when Network Cache Accelerator (NCA) logging is enabled, allows remote attackers to cause a denial of service (panic) via unspecified web-server traffic that triggers a NULL pointer dereference in the nl7c_http_log function, related to "improper http response handling."

4.9 2009-08-07 CVE-2009-2711

XScreenSaver in Sun Solaris 9 and 10, OpenSolaris before snv_120, and X11 6.4.1 for Solaris 8, when the Xorg or Xnewt server is used, allows physically proximate attackers to obtain sensitive information by reading popup windows, which are displayed even when the screen is locked, a different vulnerability than CVE-2009-1276.

6.8 2009-08-03 CVE-2009-2652

Unspecified vulnerability in Solaris Trusted Extensions in Sun Solaris 10, and OpenSolaris snv_37 through snv_120, allows remote attackers to cause a denial of service (panic) via vectors involving the parsing of labeled packets.

4.9 2009-07-29 CVE-2009-2644

Race condition in the Solaris Auditing subsystem in Sun Solaris 9 and 10 and OpenSolaris before snv_121, when extended file attributes are used, allows local users to cause a denial of service (panic) via vectors related to "pathnames for invalid fds."

4.7 2009-07-27 CVE-2009-2596

Unspecified vulnerability in the Solaris Auditing subsystem in Sun Solaris 9 and 10 and OpenSolaris before snv_121, when extended file attributes are used, allows local users to cause a denial of service (panic) via vectors related to fad_aupath structure members.

4.9 2009-07-16 CVE-2009-2488

Unspecified vulnerability in the NFSv4 module in the kernel in Sun Solaris 10, and OpenSolaris snv_102 through snv_119, allows local users to cause a denial of service (client panic) via vectors involving "file operations."

7.8 2009-07-16 CVE-2009-2486

Unspecified vulnerability in the SCTP implementation in Sun Solaris 10, and OpenSolaris before snv_120, allows remote attackers to cause a denial of service (panic) via unspecified packets.

7.2 2008-09-02 CVE-2008-3875

The kernel in Sun Solaris 8 through 10 and OpenSolaris before snv_90 allows local users to bypass chroot, zones, and the Solaris Trusted Extensions multi-level security policy, and establish a covert communication channel, via unspecified vectors involving system calls.

9.3 2008-08-08 CVE-2008-0965

Multiple format string vulnerabilities in snoop on Sun Solaris 8 through 10 and OpenSolaris before snv_96, when the -o option is omitted, allow remote attackers to execute arbitrary code via format string specifiers in an SMB packet.

9.3 2008-08-08 CVE-2008-0964

Multiple stack-based buffer overflows in snoop on Sun Solaris 8 through 10 and OpenSolaris before snv_96, when the -o option is omitted, allow remote attackers to execute arbitrary code via a crafted SMB packet.

4.9 2008-06-16 CVE-2008-2708

Unspecified vulnerability in the Sun (1) UltraSPARC T2 and (2) UltraSPARC T2+ kernel modules in Sun Solaris 10, and OpenSolaris before snv_93, allows local users to cause a denial of service (panic) via unspecified vectors, probably related to core files.

CWE : Common Weakness Enumeration

%idName
16% (2) CWE-399 Resource Management Errors
16% (2) CWE-362 Race Condition
16% (2) CWE-264 Permissions, Privileges, and Access Controls
16% (2) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
16% (2) CWE-16 Configuration
8% (1) CWE-200 Information Exposure
8% (1) CWE-134 Uncontrolled Format String

Open Source Vulnerability Database (OSVDB)

id Description
62221 OpenSolaris Default Configuration smbadm Windows Active Directory Domain Join...
62220 OpenSolaris Default Configuration kclient Windows Active Directory Domain Joi...
61621 OpenSolaris hald(1M) Unspecified Audit Record Writing Failure
60874 OpenSolaris Kernel IP Module Multiple Function Race Condition DoS
60498 Solaris sshd(1M) Timeout Mechanism Unspecified Remote DoS
59354 Solaris Trusted Extensions Policy Unspecified Remote Bypass
58110 Solaris w(1) Utility Local Overflow
57895 Solaris Gnome-XScreenSaver (xscreensaver) Multiple Method Local Screen Lock DoS
57823 Solaris IPv6 Networking Stack Cassini Gigabit-Ethernet Device Driver (ce(7D))...
57457 Solaris sockfs Kernel Module Unspecified HTTP Requests Remote DoS
56854 Solaris XScreenSaver (xscreensaver(1)) PopUp Window Information Disclosure
56682 Solaris Trusted Extensions Labeled Packet Handling Remote DoS
56607 Solaris Auditing Subsystem Extended File Attributes Race Condition Local DoS
56325 Solaris Auditing Extended File Attributes (fsattr(5)) Handling Local DoS
55876 Solaris NFSv4 Kernel Module Client System Panic Local DoS
55875 Solaris SCTP Packet Handling System Panic Remote DoS
47857 Solaris Kernel Covert Channel Security Restriction Bypass
47422 Solaris snoop(1M) SMB Traffic Monitoring Multiple Unspecified Remote Format S...
47421 Solaris snoop(1M) SMB Traffic Monitoring Multiple Unspecified Remote Overflows
46147 Solaris UltraSPARC Kernel Module Unspecified Local DoS

OpenVAS Exploits

id Description
2009-10-13 Name : Solaris Update for w and whodo 142285-01
File : nvt/gb_solaris_142285_01.nasl
2009-10-13 Name : Solaris Update for w and whodo 142286-01
File : nvt/gb_solaris_142286_01.nasl
2009-09-23 Name : Solaris Update for klmmod 141734-03
File : nvt/gb_solaris_141734_03.nasl
2009-06-03 Name : Solaris Update for usr/lib/utmp_update 113718-02
File : nvt/gb_solaris_113718_02.nasl
2009-06-03 Name : Solaris Update for utmp_update 113996-02
File : nvt/gb_solaris_113996_02.nasl
2009-06-03 Name : Solaris Update for snoop 114262-05
File : nvt/gb_solaris_114262_05.nasl

Information Assurance Vulnerability Management (IAVM)

id Description
2009-A-0113 Sun Solaris Remote Privilege Escalation Vulnerability
Severity: Category I - VMSKEY: V0021928
2009-T-0047 Sun Solaris Kernel Denial of Service Vulnerability
Severity: Category I - VMSKEY: V0019908
2008-T-0043 Multiple Sun Solaris snoop Vulnerabilities
Severity: Category II - VMSKEY: V0017141

Nessus® Vulnerability Scanner

id Description
2009-10-19 Name: The remote host is missing Sun Security Patch number 126363-10
File: solaris10_126363.nasl - Type: ACT_GATHER_INFO
2008-08-17 Name: The remote host is missing Sun Security Patch number 108964-11
File: solaris8_108964.nasl - Type: ACT_GATHER_INFO
2008-08-17 Name: The remote host is missing Sun Security Patch number 108965-11
File: solaris8_x86_108965.nasl - Type: ACT_GATHER_INFO
2008-08-17 Name: The remote host is missing Sun Security Patch number 112915-06
File: solaris9_112915.nasl - Type: ACT_GATHER_INFO
2008-08-17 Name: The remote host is missing Sun Security Patch number 114262-05
File: solaris9_x86_114262.nasl - Type: ACT_GATHER_INFO
2007-03-18 Name: The remote host is missing Sun Security Patch number 122300-61
File: solaris9_122300.nasl - Type: ACT_GATHER_INFO
2007-03-18 Name: The remote host is missing Sun Security Patch number 122301-61
File: solaris9_x86_122301.nasl - Type: ACT_GATHER_INFO
2007-02-18 Name: The remote host is missing Sun Security Patch number 120094-36
File: solaris10_120094.nasl - Type: ACT_GATHER_INFO
2007-02-18 Name: The remote host is missing Sun Security Patch number 120095-36
File: solaris10_x86_120095.nasl - Type: ACT_GATHER_INFO
2006-11-06 Name: The remote host is missing Sun Security Patch number 115158-14
File: solaris9_115158.nasl - Type: ACT_GATHER_INFO
2006-11-06 Name: The remote host is missing Sun Security Patch number 115159-14
File: solaris9_x86_115159.nasl - Type: ACT_GATHER_INFO
2006-02-19 Name: The remote host is missing Sun Security Patch number 117350-62
File: solaris8_117350.nasl - Type: ACT_GATHER_INFO
2006-02-19 Name: The remote host is missing Sun Security Patch number 117351-61
File: solaris8_x86_117351.nasl - Type: ACT_GATHER_INFO
2004-07-12 Name: The remote host is missing Sun Security Patch number 113718-05
File: solaris9_113718.nasl - Type: ACT_GATHER_INFO
2004-07-12 Name: The remote host is missing Sun Security Patch number 113996-06
File: solaris9_x86_113996.nasl - Type: ACT_GATHER_INFO