This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor: Sun
Product: Solaris
Version: *
Update: *
Edition: *
Language: *
Software Edition: *
Target Software: *
Target Hardware: *
Other: *
Type: Os
First view: 1993-10-01
Last view: 2010-07-02
 
CPE Product cpe:2.3:o:sun:solaris

Activity : Overall

Related : CVE

  Date Alert Description
6.8 2010-07-02 CVE-2010-2594

Multiple cross-site request forgery (CSRF) vulnerabilities in the web management interface in InterSect Alliance Snare Agent 3.2.3 and earlier on Solaris, Snare Agent 3.1.7 and earlier on Windows, Snare Agent 1.5.0 and earlier on Linux and AIX, Snare Agent 1.4 and earlier on IRIX, Snare Epilog 1.5.3 and earlier on Windows, and Snare Epilog 1.2 and earlier on UNIX allow remote attackers to hijack the authentication of administrators for requests that (1) change the password or (2) change the listening port.

3.3 2010-03-29 CVE-2010-1183

Certain patch-installation scripts in Oracle Solaris allow local users to append data to arbitrary files via a symlink attack on the /tmp/CLEANUP temporary file, related to use of Update Manager.

7.2 2008-06-16 CVE-2008-2710

Integer signedness error in the ip_set_srcfilter function in the IP Multicast Filter in uts/common/inet/ip/ip_multi.c in the kernel in Sun Solaris 10 and OpenSolaris before snv_92 allows local users to execute arbitrary code in other Solaris Zones via an SIOCSIPMSFILTER IOCTL request with a large value of the imsf->imsf_numsrc field, which triggers an out-of-bounds write of kernel memory. NOTE: this was reported as an integer overflow, but the root cause involves the bypass of a signed comparison.

2.1 2007-07-12 CVE-2007-3723

The process scheduler in the Sun Solaris kernel does not make use of the process statistics kept by the kernel and performs scheduling based upon CPU billing gathered from periodic process sampling ticks, which allows local users to cause a denial of service (CPU consumption), as described in "Secretly Monopolizing the CPU Without Superuser Privileges."

5 2005-11-22 CVE-2005-3781

Unspecified vulnerability in in.named in Solaris 9 allows attackers to cause a denial of service via unknown manipulations that cause in.named to "make unnecessary queries."

2.1 2004-04-26 CVE-2004-1355

Unknown vulnerability in the TCP/IP stack for Sun Solaris 8 and 9 allows local users to cause a denial of service (system panic) via unknown vectors.

5 2004-02-16 CVE-2004-1180

Unknown vulnerability in the rwho daemon (rwhod) before 0.17, on little endian architectures, allows remote attackers to cause a denial of service (application crash).

10 2003-09-22 CVE-2003-0722

The default installation of sadmind on Solaris uses weak authentication (AUTH_SYS), which allows local and remote attackers to spoof Solstice AdminSuite clients and gain root privileges via a certain sequence of RPC packets.

2.1 2001-08-31 CVE-2001-1066

ns6install installation script for Netscape 6.01 on Solaris, and other versions including 6.2.1 beta, allows local users to overwrite arbitrary files via a symlink attack.

10 1999-01-01 CVE-1999-0568

rpc.admind in Solaris is not running in a secure mode.

7.2 1998-12-01 CVE-1999-0321

Buffer overflow in Solaris kcms_configure command allows local users to gain root access.

7.5 1998-11-16 CVE-1999-0057

Vacation program allows command execution by remote users through a sendmail command.

7.5 1998-03-01 CVE-1999-0795

The NIS+ rpc.nisd server allows remote attackers to execute certain RPC calls without authentication to obtain system information, disable logging, or modify caches.

5 1997-08-24 CVE-1999-1225

rpc.mountd on Linux, Ultrix, and possibly other operating systems, allows remote attackers to determine the existence of a file on the server by attempting to mount that file, which generates different error messages depending on whether the file exists or not.

2.1 1993-10-01 CVE-1999-1137

The permissions for the /dev/audio device on Solaris 2.2 and earlier, and SunOS 4.1.x, allow any local user to read from the device, which could be used by an attacker to monitor conversations happening near a machine that has a microphone.

CWE : Common Weakness Enumeration

% id Name
33% (1) CWE-352 Cross-Site Request Forgery (CSRF)
33% (1) CWE-189 Numeric Errors
33% (1) CWE-59 Improper Link Resolution Before File Access ('Link Following')

SAINT Exploits

Description Link
sadmind AUTH_SYS authentication vulnerability More info here

Open Source Vulnerability Database (OSVDB)

id Description
65829 Snare Agent Multiple Unspecified CSRF
63429 Solaris Update Manager tmp/CLEANUP Temporary File Symlink Arbitrary File Modi...
46193 Solaris Kernel SIOCSIPMSFILTER IOCTL Request IP Multicast Filter Local Privil...
36616 Solaris Kernel Process Scheduling Local DoS
20752 Solaris in.named Forced Query Remote DoS
13778 netkit-rwho rwhod Packet Validation Remote DoS
12947 NIS+ rpc.nisd RPC Call Unprivileged Server Activity
8751 Multiple Vendor rpc.mountd File Existence Information Disclosure
8735 Netscape on Solaris ns6install Symlink Arbitrary File Overwrite
8659 Solaris rpc.admind Insecure Mode Remote Privilege Escalation
7526 Solaris kcms_configure Local Command Overflow
6436 Solaris /dev/audio World Read Permission
5665 Solaris TCP/IP Stack DoS
4585 Solaris sadmind AUTH_SYS Credential Remote Command Execution
1108 Multiple Vendor vacation Arbitrary Command Execution

OpenVAS Exploits

id Description
2009-05-05 Name : HP-UX Update for rpc.mountd HPSBUX00272
File : nvt/gb_hp_ux_HPSBUX00272.nasl
2008-01-17 Name : Debian Security Advisory DSA 678-1 (netkit-rwho)
File : nvt/deb_678_1.nasl

Snort® IPS/IDS

Date Description
2014-01-10 Solaris UDP portmap sadmin port query request attempt
RuleID : 585-community - Type : PROTOCOL-RPC - Revision : 18
2014-01-10 Solaris UDP portmap sadmin port query request attempt
RuleID : 585 - Type : PROTOCOL-RPC - Revision : 18
2014-01-10 Solaris UDP portmapper sadmin port query attempt
RuleID : 12628 - Type : PROTOCOL-RPC - Revision : 6
2014-01-10 Solaris TCP portmapper sadmin port query attempt
RuleID : 12627 - Type : PROTOCOL-RPC - Revision : 6
2014-01-10 Solaris UDP portmap sadmin port query request attempt
RuleID : 12626 - Type : PROTOCOL-RPC - Revision : 8
2014-01-10 Solaris TCP portmap sadmin port query request attempt
RuleID : 12458 - Type : PROTOCOL-RPC - Revision : 10

Nessus® Vulnerability Scanner

id Description
2005-02-17 Name: The remote Mandrake Linux host is missing a security update.
File: mandrake_MDKSA-2005-039.nasl - Type: ACT_GATHER_INFO
2005-02-16 Name: The remote HP-UX host is missing a security-related patch.
File: hpux_PHNE_16295.nasl - Type: ACT_GATHER_INFO
2005-02-14 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-678.nasl - Type: ACT_GATHER_INFO
2003-09-19 Name: The remote RPC service allows execution of arbitrary commands.
File: rpc_sadmin2.nasl - Type: ACT_GATHER_INFO