This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Sun First view 2008-06-16
Product Opensolaris Last view 2009-11-29
Version snv_18 Type Os
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:o:sun:opensolaris

Activity : Overall

Related : CVE

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
2.1 2009-11-29 CVE-2009-4080

Multiple unspecified vulnerabilities in ldap_cachemgr (aka the LDAP client configuration cache daemon) in Sun Solaris 9 and 10, and OpenSolaris before snv_78, allow local users to cause a denial of service (daemon crash) via vectors involving multiple serviceSearchDescriptor attributes and a call to the getldap_lookup function, and unspecified other vectors.

4.9 2009-10-01 CVE-2009-3519

Multiple memory leaks in the IP module in the kernel in Sun Solaris 8 through 10, and OpenSolaris before snv_109, allow local users to cause a denial of service (memory consumption) via vectors related to (1) M_DATA, (2) M_PROTO, (3) M_PCPROTO, and (4) M_SIG STREAMS messages.

1.9 2009-09-28 CVE-2009-3432

Unspecified vulnerability in xscreensaver in Sun Solaris 10, and OpenSolaris before snv_112, when Xorg or Xnewt is used and RandR is enabled, allows physically proximate attackers to read a locked screen via unknown vectors related to XRandR resize events.

4.9 2009-08-24 CVE-2009-2952

Unspecified vulnerability in the pollwakeup function in Sun Solaris 10, and OpenSolaris before snv_51, allows local users to cause a denial of service (panic) via unknown vectors.

4.9 2009-08-21 CVE-2009-2912

The (1) sendfile and (2) sendfilev functions in Sun Solaris 8 through 10, and OpenSolaris before snv_110, allow local users to cause a denial of service (panic) via vectors related to vnode function calls.

4.9 2009-08-19 CVE-2009-2857

The kernel in Sun Solaris 8, 9, and 10, and OpenSolaris before snv_103, does not properly handle interaction between the filesystem and virtual-memory implementations, which allows local users to cause a denial of service (deadlock and system halt) via vectors involving mmap and write operations on the same file.

4.9 2009-07-29 CVE-2009-2644

Race condition in the Solaris Auditing subsystem in Sun Solaris 9 and 10 and OpenSolaris before snv_121, when extended file attributes are used, allows local users to cause a denial of service (panic) via vectors related to "pathnames for invalid fds."

10 2009-07-02 CVE-2009-2296

The NFSv4 server kernel module in Sun Solaris 10, and OpenSolaris before snv_119, does not properly implement the nfs_portmon setting, which allows remote attackers to access shares, and read, create, and modify arbitrary files, via unspecified vectors.

4.9 2009-06-19 CVE-2009-2135

Multiple race conditions in the Solaris Event Port API in Sun Solaris 10 and OpenSolaris before snv_107 allow local users to cause a denial of service (panic) via unspecified vectors related to a race between the port_dissociate and close functions.

5 2009-06-11 CVE-2009-2029

Unspecified vulnerability in rpc.nisd in Sun Solaris 8 through 10, and OpenSolaris before snv_104, allows remote authenticated users to cause a denial of service (NIS+ daemon hang) via unspecified vectors related to NIS+ callbacks.

4.7 2009-06-05 CVE-2009-1933

Kerberos in Sun Solaris 8, 9, and 10, and OpenSolaris before snv_117, does not properly manage credential caches, which allows local users to access Kerberized NFS mount points and Kerberized NFS shares via unspecified vectors.

2.1 2009-04-09 CVE-2009-1276

XScreenSaver in Sun Solaris 10 and OpenSolaris before snv_109, and Solaris 8 and 9 with GNOME 2.0 or 2.0.2, allows physically proximate attackers to obtain sensitive information by reading popup windows, which are displayed even when the screen is locked, as demonstrated by Thunderbird new-mail notifications.

4.7 2009-03-16 CVE-2009-0913

Unspecified vulnerability in the keysock kernel module in Solaris 10 and OpenSolaris builds snv_01 through snv_108 allows local users to cause a denial of service (system panic) via unknown vectors related to PF_KEY socket, probably related to setting socket options.

6.9 2009-03-12 CVE-2009-0875

Race condition in the Doors subsystem in the kernel in Sun Solaris 8 through 10, and OpenSolaris before snv_94, allows local users to cause a denial of service (process hang), or possibly bypass file permissions or gain kernel-context privileges, via vectors involving the time at which control is transferred from a caller to a door server.

4.9 2009-03-12 CVE-2009-0874

Multiple unspecified vulnerabilities in the Doors subsystem in the kernel in Sun Solaris 8 through 10, and OpenSolaris before snv_94, allow local users to cause a denial of service (process hang), or possibly bypass file permissions or gain kernel-context privileges, via vectors including ones related to (1) an argument handling deadlock in a door server and (2) watchpoint problems in the door_call function.

6.8 2009-03-11 CVE-2009-0872

The NFS server in Sun Solaris 10, and OpenSolaris before snv_111, does not properly implement the AUTH_NONE (aka sec=none) security mode in combination with other security modes, which allows remote attackers to bypass intended access restrictions and read or modify files, as demonstrated by a combination of the AUTH_NONE and AUTH_SYS security modes.

4.9 2009-02-09 CVE-2009-0480

The IP implementation in Sun Solaris 8 through 10, and OpenSolaris before snv_82, uses an improper arena when allocating minor numbers for sockets, which allows local users to cause a denial of service (32-bit application failure and login outage) by opening a large number of sockets.

5.4 2009-02-02 CVE-2008-6024

Unspecified vulnerability in the NFSv4 client module in the kernel on Sun Solaris 10 and OpenSolaris before snv_37, when automountd is used, allows user-assisted remote attackers to cause a denial of service (unresponsive NFS filesystems) via unknown vectors.

6.9 2009-01-28 CVE-2009-0319

Unspecified vulnerability in the autofs module in the kernel in Sun Solaris 8 through 10, and OpenSolaris before snv_108, allows local users to cause a denial of service (autofs mount outage) or possibly gain privileges via vectors related to "xdr processing problems."

7.8 2009-01-27 CVE-2009-0304

The kernel in Sun Solaris 10 and 11 snv_101b, and OpenSolaris before snv_108, allows remote attackers to cause a denial of service (system crash) via a crafted IPv6 packet, related to an "insufficient validation security vulnerability," as demonstrated by SunOSipv6.c.

4.9 2009-01-26 CVE-2009-0268

Race condition in the pseudo-terminal (aka pty) driver module in Sun Solaris 8 through 10, and OpenSolaris before snv_103, allows local users to cause a denial of service (panic) via unspecified vectors related to lack of "properly sequenced code" in ptc and ptsl.

5 2009-01-26 CVE-2009-0267

libike in Sun Solaris 9 and 10, and OpenSolaris before snv_100, does not properly check packets, which allows remote attackers to cause a denial of service (in.iked daemon crash) via an unspecified IKE packet, a different vulnerability than CVE-2007-2989.

4.9 2009-01-07 CVE-2009-0069

Unspecified vulnerability in the nfs4rename_persistent_fh function in the NFS 4 (aka NFSv4) client in the kernel in Sun Solaris 10 and OpenSolaris before snv_102 allows local users to cause a denial of service (recursive mutex_enter and panic) via unspecified vectors.

5 2008-12-19 CVE-2008-5684

Unspecified vulnerability in the X Inter Client Exchange library (aka libICE) in Sun Solaris 8 through 10 and OpenSolaris before snv_85 allows context-dependent attackers to cause a denial of service (application crash), as demonstrated by a port scan that triggers a segmentation violation in the Gnome session manager (aka gnome-session).

5.8 2008-11-18 CVE-2008-5133

ipnat in IP Filter in Sun Solaris 10 and OpenSolaris before snv_96, when running on a DNS server with Network Address Translation (NAT) configured, improperly changes the source port of a packet when the destination port is the DNS port, which allows remote attackers to bypass an intended CVE-2008-1447 protection mechanism and spoof the responses to DNS queries sent by named.

CWE : Common Weakness Enumeration

%idName
30% (6) CWE-399 Resource Management Errors
20% (4) CWE-362 Race Condition
15% (3) CWE-264 Permissions, Privileges, and Access Controls
10% (2) CWE-20 Improper Input Validation
5% (1) CWE-255 Credentials Management
5% (1) CWE-200 Information Exposure
5% (1) CWE-189 Numeric Errors
5% (1) CWE-134 Uncontrolled Format String
5% (1) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer

Open Source Vulnerability Database (OSVDB)

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
60514 Solaris LDAP Client Configuration Cache Daemon (ldap_cachemgr(1M)) Multiple U...
58449 Solaris Kernel IP Module Unspecified Local DoS
58278 Solaris xscreensaver RandR Extension Resized Locked Screen Information Disclo...
57355 Solaris pollwakeup Function Unspecified Local DoS
57169 Solaris sendfile / sendfilev Extended Library Functions Unspecified DoS
57151 Solaris Kernel Filesystem / Virtual Memory Subsystem Interaction Unspecified ...
56607 Solaris Auditing Subsystem Extended File Attributes Race Condition Local DoS
55519 Solaris NFSv4 Server Kernel Module nfs_portmon Tunable Shared Resource Restri...
55232 Solaris Event Port API Unspecified Race Condition Local DoS (6790056)
55231 Solaris Event Port API Unspecified Race Condition Local DoS (6736713)
55049 Solaris rpc.nisd(1M) NIS+ Server Unspecified DoS
54979 Kerberos on Solaris Local NFS Mount/Share Credential Cache Management Unspeci...
53628 Solaris XScreenSaver PopUp Window Information Disclosure
52678 Solaris keysock Kernel Module Unspecified Local DoS
52563 Solaris Kernel Doors Subsystem Unspecified Local Privilege Escalation
52561 Solaris Kernel Doors Subsystem Multiple Unspecified Local DoS
52559 Solaris NFS Server Security Modes (nfssec(5)) Combined AUTH_NONE / AUTH_SYS A...
52556 Solaris IP Implementation Socket Minor Number Allocation Local DoS
52554 Solaris autofs Kernel Module Unspecified Local Privilege Escalation
52541 Solaris Pseudo-terminal (aka pty) Driver Module Unspecified Local DoS
52540 Solaris libike Library IKE Packet Handling Remote DoS
52532 Solaris X Inter Client Exchange library (aka libICE) Port Scan DoS
52002 Solaris IPv6 Destination Header (DH) Parsing Remote DoS
51174 Solaris NFSv4 Unspecified Local DoS
49764 Solaris IP Filter (ipfilter(5)) DNS Query ID Field Prediction Cache Poisoning

OpenVAS Exploits

id Description
2009-10-13 Name : Solaris Update for IKE 114435-15
File : nvt/gb_solaris_114435_15.nasl
2009-10-13 Name : Solaris Update for rpc.nisd 140917-02
File : nvt/gb_solaris_140917_02.nasl
2009-10-13 Name : Solaris Update for rpc.nisd 140918-02
File : nvt/gb_solaris_140918_02.nasl
2009-10-13 Name : Solaris Update for kernel 141414-10
File : nvt/gb_solaris_141414_10.nasl
2009-10-13 Name : Solaris Update for kernel 141415-10
File : nvt/gb_solaris_141415_10.nasl
2009-09-23 Name : Solaris Update for rpc.nisd 140918-01
File : nvt/gb_solaris_140918_01.nasl
2009-09-23 Name : Solaris Update for kernel 141415-04
File : nvt/gb_solaris_141415_04.nasl
2009-06-03 Name : Solaris Update for logindmux, ptsl, ms, bufmod, llc1, kb, zs, zsh, ptem 1136...
File : nvt/gb_solaris_113685_07.nasl
2009-06-03 Name : Solaris Update for logindmux/llc1/ptsl/bufmod/ptem 113686-06
File : nvt/gb_solaris_113686_06.nasl
2009-06-03 Name : Solaris Update for snoop 114262-05
File : nvt/gb_solaris_114262_05.nasl
2009-06-03 Name : Solaris Update for autofs 116053-03
File : nvt/gb_solaris_116053_03.nasl
2009-06-03 Name : Solaris Update for Obsoleted by 139462-02
File : nvt/gb_solaris_139462_02.nasl
2009-06-03 Name : Solaris Update for Obsoleted by 139463-02
File : nvt/gb_solaris_139463_02.nasl
2009-06-03 Name : Solaris Update for ptsl 140426-01
File : nvt/gb_solaris_140426_01.nasl
2009-06-03 Name : Solaris Update for ptsl 140427-01
File : nvt/gb_solaris_140427_01.nasl

Information Assurance Vulnerability Management (IAVM)

id Description
2009-T-0040 Sun Solaris Network File System Unauthorized Network Access Vulnerability
Severity: Category II - VMSKEY: V0019716
2009-T-0008 Sun Solaris IKE Packet Handling Security Vulnerability
Severity: Category I - VMSKEY: V0018293
2009-T-0001 Sun Solaris X Inter Client Exchange Library (libICE) Denial of Service Vulner...
Severity: Category I - VMSKEY: V0017981
2008-T-0043 Multiple Sun Solaris snoop Vulnerabilities
Severity: Category II - VMSKEY: V0017141

Snort® IPS/IDS

Date Description
2014-01-10 IBM AIX and Oracle Solaris nfsd v4 nfs_portmon security bypass attempt
RuleID : 20248 - Type : PROTOCOL-RPC - Revision : 4

Nessus® Vulnerability Scanner

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2015-04-02 Name: The remote host is missing Sun security patch number 119060-45.
File: solaris10_x86_119060_45.nasl - Type: ACT_GATHER_INFO
2015-04-02 Name: The remote host is missing Sun security patch number 119059-46.
File: solaris10_119059_46.nasl - Type: ACT_GATHER_INFO
2009-02-02 Name: The remote host is missing Sun Security Patch number 140427-01
File: solaris9_x86_140427.nasl - Type: ACT_GATHER_INFO
2009-02-02 Name: The remote host is missing Sun Security Patch number 140426-01
File: solaris9_140426.nasl - Type: ACT_GATHER_INFO
2008-08-17 Name: The remote host is missing Sun Security Patch number 114262-05
File: solaris9_x86_114262.nasl - Type: ACT_GATHER_INFO
2008-08-17 Name: The remote host is missing Sun Security Patch number 108964-11
File: solaris8_108964.nasl - Type: ACT_GATHER_INFO
2008-08-17 Name: The remote host is missing Sun Security Patch number 112915-06
File: solaris9_112915.nasl - Type: ACT_GATHER_INFO
2008-08-17 Name: The remote host is missing Sun Security Patch number 108965-11
File: solaris8_x86_108965.nasl - Type: ACT_GATHER_INFO
2008-01-04 Name: The remote host is missing Sun Security Patch number 128625-11
File: solaris8_x86_128625.nasl - Type: ACT_GATHER_INFO
2008-01-02 Name: The remote host is missing Sun Security Patch number 128624-11
File: solaris8_128624.nasl - Type: ACT_GATHER_INFO
2007-11-10 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-531-2.nasl - Type: ACT_GATHER_INFO
2007-11-10 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-531-1.nasl - Type: ACT_GATHER_INFO
2007-10-19 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-1388.nasl - Type: ACT_GATHER_INFO
2007-03-18 Name: The remote host is missing Sun Security Patch number 122301-61
File: solaris9_x86_122301.nasl - Type: ACT_GATHER_INFO
2007-03-18 Name: The remote host is missing Sun Security Patch number 122300-61
File: solaris9_122300.nasl - Type: ACT_GATHER_INFO
2007-02-18 Name: The remote host is missing Sun Security Patch number 120094-36
File: solaris10_120094.nasl - Type: ACT_GATHER_INFO
2007-02-18 Name: The remote host is missing Sun Security Patch number 120095-36
File: solaris10_x86_120095.nasl - Type: ACT_GATHER_INFO
2006-11-06 Name: The remote host is missing Sun Security Patch number 115158-14
File: solaris9_115158.nasl - Type: ACT_GATHER_INFO
2006-11-06 Name: The remote host is missing Sun Security Patch number 119059-73
File: solaris10_119059.nasl - Type: ACT_GATHER_INFO
2006-11-06 Name: The remote host is missing Sun Security Patch number 115159-14
File: solaris9_x86_115159.nasl - Type: ACT_GATHER_INFO
2006-11-06 Name: The remote host is missing Sun Security Patch number 119060-72
File: solaris10_x86_119060.nasl - Type: ACT_GATHER_INFO
2006-11-06 Name: The remote host is missing Sun Security Patch number 119068-11
File: solaris8_x86_119068.nasl - Type: ACT_GATHER_INFO
2006-11-06 Name: The remote host is missing Sun Security Patch number 119067-11
File: solaris8_119067.nasl - Type: ACT_GATHER_INFO
2006-08-21 Name: The remote host is missing Sun Security Patch number 119435-29
File: solaris9_x86_119435.nasl - Type: ACT_GATHER_INFO
2006-02-19 Name: The remote host is missing Sun Security Patch number 117351-61
File: solaris8_x86_117351.nasl - Type: ACT_GATHER_INFO