This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Sun First view 2008-02-12
Product Solaris Last view 2008-06-16
Version 10 Type Os
Update *  
Edition *  
Language th  
Sofware Edition *  
Target Software *  
Target Hardware x86  
Other *  
 
CPE Product cpe:2.3:o:sun:solaris

Activity : Overall

Related : CVE

  Date Alert Description
7.2 2008-06-16 CVE-2008-2710

Integer signedness error in the ip_set_srcfilter function in the IP Multicast Filter in uts/common/inet/ip/ip_multi.c in the kernel in Sun Solaris 10 and OpenSolaris before snv_92 allows local users to execute arbitrary code in other Solaris Zones via an SIOCSIPMSFILTER IOCTL request with a large value of the imsf->imsf_numsrc field, which triggers an out-of-bounds write of kernel memory. NOTE: this was reported as an integer overflow, but the root cause involves the bypass of a signed comparison.

4.6 2008-02-12 CVE-2008-0730

The (1) Simplified Chinese, (2) Traditional Chinese, (3) Korean, and (4) Thai language input methods in Sun Solaris 10 create files and directories with weak permissions under (a) .iiim/le and (b) .Xlocale in home directories, which might allow local users to write to, or read from, the home directories of other users.

CWE : Common Weakness Enumeration

%idName
50% (1) CWE-264 Permissions, Privileges, and Access Controls
50% (1) CWE-189 Numeric Errors

Open Source Vulnerability Database (OSVDB)

id Description
46193 Solaris Kernel SIOCSIPMSFILTER IOCTL Request IP Multicast Filter Local Privil...
41535 Solaris Multiple Asian Language Input Methods File/Directory Creation Permiss...

Nessus® Vulnerability Scanner

id Description
2008-02-05 Name: The remote host is missing Sun Security Patch number 120412-11
File: solaris10_120412.nasl - Type: ACT_GATHER_INFO
2008-02-05 Name: The remote host is missing Sun Security Patch number 120413-11
File: solaris10_x86_120413.nasl - Type: ACT_GATHER_INFO