This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Sun First view 2007-10-11
Product Opensolaris Last view 2010-04-21
Version snv_73 Type Os
Update *  
Edition x86  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:o:sun:opensolaris

Activity : Overall

Related : CVE

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
4 2010-04-21 CVE-2009-4774

Unspecified vulnerability in Sun Solaris 10 and OpenSolaris snv_49 through snv_117, when 64bit mode is used on the Intel x86 platform and a Linux (lx) branded zone is configured, allows local users to cause a denial of service (panic) via unspecified vectors, a different vulnerability than CVE-2007-6225.

4.9 2010-02-03 CVE-2010-0453

The ucode_ioctl function in intel/io/ucode_drv.c in Sun Solaris 10 and OpenSolaris snv_69 through snv_133, when running on x86 architectures, allows local users to cause a denial of service (panic) via a request with a 0 size value to the UCODE_GET_VERSION IOCTL, which triggers a NULL pointer dereference in the ucode_get_rev function, related to retrieval of the microcode revision.

4.6 2010-01-08 CVE-2010-0271

hald in Sun OpenSolaris snv_51 through snv_130 does not have the proc_audit privilege during unspecified attempts to write to the auditing log, which makes it easier for physically proximate attackers to avoid detection of changes to the set of connected hardware devices supporting the Hardware Abstraction Layer (HAL) specification.

2.1 2009-11-29 CVE-2009-4080

Multiple unspecified vulnerabilities in ldap_cachemgr (aka the LDAP client configuration cache daemon) in Sun Solaris 9 and 10, and OpenSolaris before snv_78, allow local users to cause a denial of service (daemon crash) via vectors involving multiple serviceSearchDescriptor attributes and a call to the getldap_lookup function, and unspecified other vectors.

7.8 2009-11-06 CVE-2009-3899

Memory leak in the Sockets Direct Protocol (SDP) driver in Sun Solaris 10, and OpenSolaris snv_57 through snv_94, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors.

6.8 2009-11-02 CVE-2009-3839

Unspecified vulnerability in the Solaris Trusted Extensions Policy configuration in Sun Solaris 10, and OpenSolaris snv_37 through snv_125, might allow remote attackers to execute arbitrary code by leveraging access to the X server.

4.9 2009-10-01 CVE-2009-3519

Multiple memory leaks in the IP module in the kernel in Sun Solaris 8 through 10, and OpenSolaris before snv_109, allow local users to cause a denial of service (memory consumption) via vectors related to (1) M_DATA, (2) M_PROTO, (3) M_PCPROTO, and (4) M_SIG STREAMS messages.

1.9 2009-09-28 CVE-2009-3432

Unspecified vulnerability in xscreensaver in Sun Solaris 10, and OpenSolaris before snv_112, when Xorg or Xnewt is used and RandR is enabled, allows physically proximate attackers to read a locked screen via unknown vectors related to XRandR resize events.

7.2 2009-09-24 CVE-2009-3390

Multiple unspecified vulnerabilities in the (1) iscsiadm and (2) iscsitadm programs in Sun Solaris 10, and OpenSolaris snv_28 through snv_109, allow local users with certain RBAC execution profiles to gain privileges via unknown vectors related to the libima library.

7.2 2009-09-14 CVE-2009-3183

Heap-based buffer overflow in w in Sun Solaris 8 through 10, and OpenSolaris before snv_124, allows local users to gain privileges via unspecified vectors.

7.1 2009-09-10 CVE-2009-3164

Unspecified vulnerability in the IPv6 networking stack in Sun Solaris 10, and OpenSolaris snv_01 through snv_82 and snv_111 through snv_122, when a Cassini GigaSwift Ethernet Adapter (aka CE) interface is used, allows remote attackers to cause a denial of service (panic) via vectors involving jumbo frames. NOTE: this issue exists because of an incomplete fix for CVE-2009-2136.

7.1 2009-08-28 CVE-2009-3000

The sockfs module in the kernel in Sun Solaris 10 and OpenSolaris snv_41 through snv_122, when Network Cache Accelerator (NCA) logging is enabled, allows remote attackers to cause a denial of service (panic) via unspecified web-server traffic that triggers a NULL pointer dereference in the nl7c_http_log function, related to "improper http response handling."

4.9 2009-08-21 CVE-2009-2912

The (1) sendfile and (2) sendfilev functions in Sun Solaris 8 through 10, and OpenSolaris before snv_110, allow local users to cause a denial of service (panic) via vectors related to vnode function calls.

4.9 2009-08-19 CVE-2009-2857

The kernel in Sun Solaris 8, 9, and 10, and OpenSolaris before snv_103, does not properly handle interaction between the filesystem and virtual-memory implementations, which allows local users to cause a denial of service (deadlock and system halt) via vectors involving mmap and write operations on the same file.

4.9 2009-08-07 CVE-2009-2711

XScreenSaver in Sun Solaris 9 and 10, OpenSolaris before snv_120, and X11 6.4.1 for Solaris 8, when the Xorg or Xnewt server is used, allows physically proximate attackers to obtain sensitive information by reading popup windows, which are displayed even when the screen is locked, a different vulnerability than CVE-2009-1276.

6.8 2009-08-03 CVE-2009-2652

Unspecified vulnerability in Solaris Trusted Extensions in Sun Solaris 10, and OpenSolaris snv_37 through snv_120, allows remote attackers to cause a denial of service (panic) via vectors involving the parsing of labeled packets.

4.9 2009-07-29 CVE-2009-2644

Race condition in the Solaris Auditing subsystem in Sun Solaris 9 and 10 and OpenSolaris before snv_121, when extended file attributes are used, allows local users to cause a denial of service (panic) via vectors related to "pathnames for invalid fds."

4.7 2009-07-27 CVE-2009-2596

Unspecified vulnerability in the Solaris Auditing subsystem in Sun Solaris 9 and 10 and OpenSolaris before snv_121, when extended file attributes are used, allows local users to cause a denial of service (panic) via vectors related to fad_aupath structure members.

7.8 2009-07-16 CVE-2009-2487

Use-after-free vulnerability in the frpr_icmp function in the ipfilter (aka IP Filter) subsystem in Sun Solaris 10, and OpenSolaris snv_45 through snv_110, allows remote attackers to cause a denial of service (panic) via unspecified vectors.

7.8 2009-07-16 CVE-2009-2486

Unspecified vulnerability in the SCTP implementation in Sun Solaris 10, and OpenSolaris before snv_120, allows remote attackers to cause a denial of service (panic) via unspecified packets.

4.9 2009-07-09 CVE-2009-2387

Unspecified vulnerability in the proc filesystem in Sun OpenSolaris snv_49 through snv_109 allows local users to cause a denial of service (deadlock and panic) via unknown vectors, related to the ldt_rewrite_syscall function.

10 2009-07-02 CVE-2009-2296

The NFSv4 server kernel module in Sun Solaris 10, and OpenSolaris before snv_119, does not properly implement the nfs_portmon setting, which allows remote attackers to access shares, and read, create, and modify arbitrary files, via unspecified vectors.

4.9 2009-06-24 CVE-2009-2187

Multiple memory leaks in the (1) IP and (2) IPv6 multicast implementation in the kernel in Sun Solaris 10, and OpenSolaris snv_67 through snv_93, allow local users to cause a denial of service (memory consumption) via vectors related to the association of (a) DL_ENABMULTI_REQ and (b) DL_DISABMULTI_REQ messages with ARP messages.

7.8 2009-06-19 CVE-2009-2136

Unspecified vulnerability in the TCP/IP networking stack in Sun Solaris 10, and OpenSolaris snv_01 through snv_82 and snv_111 through snv_117, when a Cassini GigaSwift Ethernet Adapter (aka CE) interface is used, allows remote attackers to cause a denial of service (panic) via vectors involving jumbo frames.

4.9 2009-06-19 CVE-2009-2135

Multiple race conditions in the Solaris Event Port API in Sun Solaris 10 and OpenSolaris before snv_107 allow local users to cause a denial of service (panic) via unspecified vectors related to a race between the port_dissociate and close functions.

CWE : Common Weakness Enumeration

%idName
35% (13) CWE-399 Resource Management Errors
16% (6) CWE-264 Permissions, Privileges, and Access Controls
13% (5) CWE-362 Race Condition
8% (3) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
8% (3) CWE-20 Improper Input Validation
5% (2) CWE-255 Credentials Management
5% (2) CWE-200 Information Exposure
2% (1) CWE-310 Cryptographic Issues
2% (1) CWE-189 Numeric Errors
2% (1) CWE-134 Uncontrolled Format String

Open Source Vulnerability Database (OSVDB)

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
62046 Solaris Microcode Device UCODE_GET_VERSION IOCTL NULL Dereference Local DoS
61621 OpenSolaris hald(1M) Unspecified Audit Record Writing Failure
60514 Solaris LDAP Client Configuration Cache Daemon (ldap_cachemgr(1M)) Multiple U...
59657 Solaris Sockets Direct Protocol (SDP) driver (sdp(7D)) Unspecified Remote Ker...
59354 Solaris Trusted Extensions Policy Unspecified Remote Bypass
58449 Solaris Kernel IP Module Unspecified Local DoS
58278 Solaris xscreensaver RandR Extension Resized Locked Screen Information Disclo...
58266 Solaris iSCSI Management iscsiadm / iscsitadm Command Local Privilege Escalation
58110 Solaris w(1) Utility Local Overflow
58005 Solaris lx Branded Zones Unspecified Local DoS
57823 Solaris IPv6 Networking Stack Cassini Gigabit-Ethernet Device Driver (ce(7D))...
57457 Solaris sockfs Kernel Module Unspecified HTTP Requests Remote DoS
57169 Solaris sendfile / sendfilev Extended Library Functions Unspecified DoS
57151 Solaris Kernel Filesystem / Virtual Memory Subsystem Interaction Unspecified ...
56854 Solaris XScreenSaver (xscreensaver(1)) PopUp Window Information Disclosure
56682 Solaris Trusted Extensions Labeled Packet Handling Remote DoS
56607 Solaris Auditing Subsystem Extended File Attributes Race Condition Local DoS
56325 Solaris Auditing Extended File Attributes (fsattr(5)) Handling Local DoS
55875 Solaris SCTP Packet Handling System Panic Remote DoS
55874 Solaris IP Filter (ipf(5)) Use-after-free System Panic DoS
55771 OpenSolaris proc Filesystem ldt_rewrite_syscall Function Local DoS
55519 Solaris NFSv4 Server Kernel Module nfs_portmon Tunable Shared Resource Restri...
55299 Solaris IP Multicast Reception Memory Exhaustion Local DoS
55233 Solaris TCP/IP Networking Stack Cassini Gigabit-Ethernet Device Driver (ce(7D...
55232 Solaris Event Port API Unspecified Race Condition Local DoS (6790056)

ExploitDB Exploits

id Description
11351 Solaris/Open Solaris UCODE_GET_VERSION IOCTL Denial of Service
4601 Ubuntu 6.06 DHCPd bug Remote Denial of Service Exploit

OpenVAS Exploits

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2009-10-13 Name : Solaris Update for w and whodo 142286-01
File : nvt/gb_solaris_142286_01.nasl
2009-10-13 Name : Solaris Update for rpc.nisd 140917-02
File : nvt/gb_solaris_140917_02.nasl
2009-10-13 Name : Solaris Update for Sun iSCSI Device Driver and Utilities 119090-33
File : nvt/gb_solaris_119090_33.nasl
2009-10-13 Name : Solaris Update for IKE 114435-15
File : nvt/gb_solaris_114435_15.nasl
2009-10-13 Name : Solaris Update for in.dhcpd libresolv and BIND9 114265-19
File : nvt/gb_solaris_114265_19.nasl
2009-10-13 Name : Solaris Update for rpc.nisd 140918-02
File : nvt/gb_solaris_140918_02.nasl
2009-10-13 Name : Solaris Update for ipf ipftest 141020-03
File : nvt/gb_solaris_141020_03.nasl
2009-10-13 Name : Solaris Update for ipf ipftest 141021-03
File : nvt/gb_solaris_141021_03.nasl
2009-10-13 Name : Solaris Update for in.dhcpd libresolv and BIND9 112837-20
File : nvt/gb_solaris_112837_20.nasl
2009-10-13 Name : Solaris Update for w and whodo 142285-01
File : nvt/gb_solaris_142285_01.nasl
2009-09-23 Name : Solaris Update for ipf ipftest 141021-01
File : nvt/gb_solaris_141021_01.nasl
2009-09-23 Name : Solaris Update for ipf ipftest 141020-01
File : nvt/gb_solaris_141020_01.nasl
2009-09-23 Name : Solaris Update for fasttrap 141765-01
File : nvt/gb_solaris_141765_01.nasl
2009-09-23 Name : Solaris Update for fasttrap 141766-01
File : nvt/gb_solaris_141766_01.nasl
2009-09-23 Name : Solaris Update for rpc.nisd 140918-01
File : nvt/gb_solaris_140918_01.nasl
2009-06-03 Name : Solaris Update for dhcp server and admin 109077-21
File : nvt/gb_solaris_109077_21.nasl
2009-06-03 Name : Solaris Update for usr/bin/dircmp 140838-01
File : nvt/gb_solaris_140838_01.nasl
2009-06-03 Name : Solaris Update for usr/bin/dircmp 140837-01
File : nvt/gb_solaris_140837_01.nasl
2009-06-03 Name : Solaris Update for ptsl 140427-01
File : nvt/gb_solaris_140427_01.nasl
2009-06-03 Name : Solaris Update for ptsl 140426-01
File : nvt/gb_solaris_140426_01.nasl
2009-06-03 Name : Solaris Update for Obsoleted by 139462-02
File : nvt/gb_solaris_139462_02.nasl
2009-06-03 Name : Solaris Update for dhcp server and admin 109078-21
File : nvt/gb_solaris_109078_21.nasl
2009-06-03 Name : Solaris Update for in.dhcpd libresolv and BIND9 112837-18
File : nvt/gb_solaris_112837_18.nasl
2009-06-03 Name : Solaris Update for logindmux, ptsl, ms, bufmod, llc1, kb, zs, zsh, ptem 1136...
File : nvt/gb_solaris_113685_07.nasl
2009-06-03 Name : Solaris Update for logindmux/llc1/ptsl/bufmod/ptem 113686-06
File : nvt/gb_solaris_113686_06.nasl

Information Assurance Vulnerability Management (IAVM)

id Description
2009-A-0113 Sun Solaris Remote Privilege Escalation Vulnerability
Severity: Category I - VMSKEY: V0021928
2009-A-0086 Sun Solaris iSCSI Management Commands Local Privilege Escalation Vulnerability
Severity: Category II - VMSKEY: V0021633
2009-T-0047 Sun Solaris Kernel Denial of Service Vulnerability
Severity: Category I - VMSKEY: V0019908
2009-T-0040 Sun Solaris Network File System Unauthorized Network Access Vulnerability
Severity: Category II - VMSKEY: V0019716
2009-T-0008 Sun Solaris IKE Packet Handling Security Vulnerability
Severity: Category I - VMSKEY: V0018293
2009-T-0003 Sun Solaris 10 IPv4 Forwarding Denial of Service Vulnerability
Severity: Category II - VMSKEY: V0017995
2009-T-0001 Sun Solaris X Inter Client Exchange Library (libICE) Denial of Service Vulner...
Severity: Category I - VMSKEY: V0017981
2008-T-0043 Multiple Sun Solaris snoop Vulnerabilities
Severity: Category II - VMSKEY: V0017141

Snort® IPS/IDS

Date Description
2017-08-29 Sun Solaris dhcpd malformed bootp denial of service attempt
RuleID : 43752 - Type : SERVER-OTHER - Revision : 2
2014-01-10 IBM AIX and Oracle Solaris nfsd v4 nfs_portmon security bypass attempt
RuleID : 20248 - Type : PROTOCOL-RPC - Revision : 4

Nessus® Vulnerability Scanner

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2015-04-02 Name: The remote host is missing Sun security patch number 119060-45.
File: solaris10_x86_119060_45.nasl - Type: ACT_GATHER_INFO
2015-04-02 Name: The remote host is missing Sun security patch number 119059-46.
File: solaris10_119059_46.nasl - Type: ACT_GATHER_INFO
2010-02-02 Name: The remote host is missing Sun Security Patch number 143913-01
File: solaris10_x86_143913.nasl - Type: ACT_GATHER_INFO
2009-10-19 Name: The remote host is missing Sun Security Patch number 126363-10
File: solaris10_126363.nasl - Type: ACT_GATHER_INFO
2009-10-15 Name: The remote host is missing Sun Security Patch number 141445-09
File: solaris10_x86_141445.nasl - Type: ACT_GATHER_INFO
2009-10-15 Name: The remote host is missing Sun Security Patch number 141444-09
File: solaris10_141444.nasl - Type: ACT_GATHER_INFO
2009-04-23 Name: The remote host is missing Sun Security Patch number 138897-01
File: solaris9_x86_138897.nasl - Type: ACT_GATHER_INFO
2009-04-23 Name: The remote host is missing Sun Security Patch number 138896-01
File: solaris9_138896.nasl - Type: ACT_GATHER_INFO
2009-04-23 Name: The remote host is missing Sun Security Patch number 140838-01
File: solaris8_x86_140838.nasl - Type: ACT_GATHER_INFO
2009-04-23 Name: The remote host is missing Sun Security Patch number 140837-01
File: solaris8_140837.nasl - Type: ACT_GATHER_INFO
2009-02-02 Name: The remote host is missing Sun Security Patch number 140427-01
File: solaris9_x86_140427.nasl - Type: ACT_GATHER_INFO
2009-02-02 Name: The remote host is missing Sun Security Patch number 140426-01
File: solaris9_140426.nasl - Type: ACT_GATHER_INFO
2008-08-17 Name: The remote host is missing Sun Security Patch number 114262-05
File: solaris9_x86_114262.nasl - Type: ACT_GATHER_INFO
2008-08-17 Name: The remote host is missing Sun Security Patch number 108964-11
File: solaris8_108964.nasl - Type: ACT_GATHER_INFO
2008-08-17 Name: The remote host is missing Sun Security Patch number 112915-06
File: solaris9_112915.nasl - Type: ACT_GATHER_INFO
2008-08-17 Name: The remote host is missing Sun Security Patch number 108965-11
File: solaris8_x86_108965.nasl - Type: ACT_GATHER_INFO
2008-01-04 Name: The remote host is missing Sun Security Patch number 128625-11
File: solaris8_x86_128625.nasl - Type: ACT_GATHER_INFO
2008-01-02 Name: The remote host is missing Sun Security Patch number 128624-11
File: solaris8_128624.nasl - Type: ACT_GATHER_INFO
2007-11-10 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-531-1.nasl - Type: ACT_GATHER_INFO
2007-11-10 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-531-2.nasl - Type: ACT_GATHER_INFO
2007-10-25 Name: The remote Red Hat host is missing a security update.
File: redhat-RHSA-2007-0970.nasl - Type: ACT_GATHER_INFO
2007-10-19 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-1388.nasl - Type: ACT_GATHER_INFO
2007-10-12 Name: The remote host is missing Sun Security Patch number 120012-14
File: solaris10_x86_120012.nasl - Type: ACT_GATHER_INFO
2007-09-25 Name: The remote host is missing Sun Security Patch number 120011-14
File: solaris10_120011.nasl - Type: ACT_GATHER_INFO
2007-03-18 Name: The remote host is missing Sun Security Patch number 122301-61
File: solaris9_x86_122301.nasl - Type: ACT_GATHER_INFO