This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Sun First view 2004-12-21
Product Solaris Last view 2010-02-03
Version 10.0 Type Os
Update *  
Edition x86  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:o:sun:solaris

Activity : Overall

Related : CVE

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
4.9 2010-02-03 CVE-2010-0453

The ucode_ioctl function in intel/io/ucode_drv.c in Sun Solaris 10 and OpenSolaris snv_69 through snv_133, when running on x86 architectures, allows local users to cause a denial of service (panic) via a request with a 0 size value to the UCODE_GET_VERSION IOCTL, which triggers a NULL pointer dereference in the ucode_get_rev function, related to retrieval of the microcode revision.

6.8 2010-01-14 CVE-2010-0310

Trusted Extensions in Sun Solaris 10 allows local users to gain privileges via vectors related to omission of unspecified libraries from software updates.

7.2 2009-11-03 CVE-2009-3851

Trusted Extensions in Sun Solaris 10 interferes with the operation of the xscreensaver-demo command for the XScreenSaver application, which makes it easier for physically proximate attackers to access an unattended workstation for which the intended screen locking did not occur, related to the "restart daemon."

6.9 2009-09-29 CVE-2009-3468

Multiple unspecified vulnerabilities in Common Desktop Environment (CDE) in Sun Solaris 10, when Trusted Extensions is enabled, allow local users to execute arbitrary commands or bypass the Mandatory Access Control (MAC) policy via unknown vectors, related to a menu typo and the Style Manager.

7.1 2009-09-10 CVE-2009-3164

Unspecified vulnerability in the IPv6 networking stack in Sun Solaris 10, and OpenSolaris snv_01 through snv_82 and snv_111 through snv_122, when a Cassini GigaSwift Ethernet Adapter (aka CE) interface is used, allows remote attackers to cause a denial of service (panic) via vectors involving jumbo frames. NOTE: this issue exists because of an incomplete fix for CVE-2009-2136.

7.1 2009-08-28 CVE-2009-3000

The sockfs module in the kernel in Sun Solaris 10 and OpenSolaris snv_41 through snv_122, when Network Cache Accelerator (NCA) logging is enabled, allows remote attackers to cause a denial of service (panic) via unspecified web-server traffic that triggers a NULL pointer dereference in the nl7c_http_log function, related to "improper http response handling."

6.8 2009-08-03 CVE-2009-2652

Unspecified vulnerability in Solaris Trusted Extensions in Sun Solaris 10, and OpenSolaris snv_37 through snv_120, allows remote attackers to cause a denial of service (panic) via vectors involving the parsing of labeled packets.

4.9 2009-07-29 CVE-2009-2644

Race condition in the Solaris Auditing subsystem in Sun Solaris 9 and 10 and OpenSolaris before snv_121, when extended file attributes are used, allows local users to cause a denial of service (panic) via vectors related to "pathnames for invalid fds."

7.1 2009-07-02 CVE-2009-2297

Unspecified vulnerability in the udp subsystem in the kernel in Sun Solaris 10, and OpenSolaris snv_90 through snv_108, when Solaris Trusted Extensions is enabled, allows remote attackers to cause a denial of service (panic) via unspecified vectors involving the crgetlabel function, related to a "TX panic." NOTE: this issue exists because of a regression in earlier kernel patches.

4.9 2009-06-24 CVE-2009-2187

Multiple memory leaks in the (1) IP and (2) IPv6 multicast implementation in the kernel in Sun Solaris 10, and OpenSolaris snv_67 through snv_93, allow local users to cause a denial of service (memory consumption) via vectors related to the association of (a) DL_ENABMULTI_REQ and (b) DL_DISABMULTI_REQ messages with ARP messages.

7.8 2009-06-19 CVE-2009-2136

Unspecified vulnerability in the TCP/IP networking stack in Sun Solaris 10, and OpenSolaris snv_01 through snv_82 and snv_111 through snv_117, when a Cassini GigaSwift Ethernet Adapter (aka CE) interface is used, allows remote attackers to cause a denial of service (panic) via vectors involving jumbo frames.

4.9 2009-06-19 CVE-2009-2135

Multiple race conditions in the Solaris Event Port API in Sun Solaris 10 and OpenSolaris before snv_107 allow local users to cause a denial of service (panic) via unspecified vectors related to a race between the port_dissociate and close functions.

5 2009-06-11 CVE-2009-2029

Unspecified vulnerability in rpc.nisd in Sun Solaris 8 through 10, and OpenSolaris before snv_104, allows remote authenticated users to cause a denial of service (NIS+ daemon hang) via unspecified vectors related to NIS+ callbacks.

6.8 2009-03-11 CVE-2009-0873

The NFS daemon (aka nfsd) in Sun Solaris 10 and OpenSolaris before snv_106, when NFSv3 is used, does not properly implement combinations of security modes, which allows remote attackers to bypass intended access restrictions and read or modify files, as demonstrated by a combination of the sec=sys and sec=krb5 security modes, related to modes that "override each other."

4.7 2009-03-10 CVE-2009-0870

The NFSv4 Server module in the kernel in Sun Solaris 10, and OpenSolaris before snv_111, allow local users to cause a denial of service (infinite loop and system hang) by accessing an hsfs filesystem that is shared through NFSv4, related to the rfs4_op_readdir function.

4.7 2009-01-16 CVE-2009-0167

Unspecified vulnerability in lpadmin in Sun Solaris 10 and OpenSolaris snv_61 through snv_106 allows local users to cause a denial of service via unspecified vectors, related to enumeration of "wrong printers," aka a "Temporary file vulnerability."

4.6 2008-12-22 CVE-2008-5699

The name service cache daemon (nscd) in Sun Solaris 10 and OpenSolaris snv_50 through snv_104 does not properly check permissions, which allows local users to gain privileges and obtain sensitive information via unspecified vectors.

7.2 2008-12-19 CVE-2008-5689

tun in IP Tunnel in Solaris 10 and OpenSolaris snv_01 through snv_76 allows local users to cause a denial of service (panic) and possibly execute arbitrary code via a crafted SIOCGTUNPARAM IOCTL request, which triggers a NULL pointer dereference.

7.8 2008-12-09 CVE-2008-5410

The PK11_SESSION cache in the OpenSSL PKCS#11 engine in Sun Solaris 10 does not maintain reference counts for operations with asymmetric keys, which allows context-dependent attackers to cause a denial of service (failed cryptographic operations) via unspecified vectors, related to the (1) RSA_sign and (2) RSA_verify functions.

4.7 2008-02-25 CVE-2008-0933

Multiple race conditions in the CPU Performance Counters (cpc) subsystem in the kernel in Sun Solaris 10 allow local users to cause a denial of service (panic) via unspecified vectors related to kcpc_unbind and kcpc_restore.

7.2 2008-01-11 CVE-2008-0242

Unspecified vulnerability in libdevinfo in Sun Solaris 10 allows local users to access files and gain privileges via unknown vectors, related to login device permissions.

7.6 2007-11-29 CVE-2007-6180

Race condition in the Remote Procedure Call kernel module (rpcmod) in Sun Solaris 8 through 10 allows local users to cause a denial of service (NULL dereference and panic) via unspecified vectors.

4.9 2007-10-23 CVE-2007-5632

Multiple unspecified vulnerabilities in the kernel in Sun Solaris 8 through 10 allow local users to cause a denial of service (panic), related to the support for retrieval of kernel statistics, and possibly related to the sfmmu_mlspl_enter or sfmmu_mlist_enter functions.

7.8 2007-10-15 CVE-2007-5462

Unspecified vulnerability in the Sun Solaris RPC services library (librpcsvc) on Solaris 8 through 10 allows remote attackers to cause a denial of service (mountd crash) via unspecified packets to a server that exports many filesystems, and allows local users to cause a denial of service (automountd crash) via unspecified requests to mount filesystems from a server that exports many filesystems.

4.9 2007-10-11 CVE-2007-5368

Multiple unspecified vulnerabilities in labeld in Trusted Extensions in Sun Solaris 10 allow local users to cause a denial of service (multiple application hang) via unspecified vectors.

CWE : Common Weakness Enumeration

%idName
30% (6) CWE-362 Race Condition
25% (5) CWE-399 Resource Management Errors
15% (3) CWE-264 Permissions, Privileges, and Access Controls
15% (3) CWE-20 Improper Input Validation
5% (1) CWE-310 Cryptographic Issues
5% (1) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
5% (1) CWE-94 Failure to Control Generation of Code ('Code Injection')

CAPEC : Common Attack Pattern Enumeration & Classification

id Name
CAPEC-26 Leveraging Race Conditions
CAPEC-29 Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions
CAPEC-41 Using Meta-characters in E-mail Headers to Inject Malicious Payloads
CAPEC-88 OS Command Injection
CAPEC-133 Try All Common Application Switches and Options

SAINT Exploits

Description Link
Solaris telnetd authentication bypass More info here

Open Source Vulnerability Database (OSVDB)

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
62046 Solaris Microcode Device UCODE_GET_VERSION IOCTL NULL Dereference Local DoS
61660 Solaris Trusted Extensions Library Installation Weakness Local Privilege Esca...
59703 Solaris Trusted Extensions XScreenSaver xscreensaver-demo Command Restart Dae...
58319 Solaris Trusted Extensions Common Desktop Environment (CDE) Unspecified Local...
57823 Solaris IPv6 Networking Stack Cassini Gigabit-Ethernet Device Driver (ce(7D))...
57457 Solaris sockfs Kernel Module Unspecified HTTP Requests Remote DoS
56682 Solaris Trusted Extensions Labeled Packet Handling Remote DoS
56607 Solaris Auditing Subsystem Extended File Attributes Race Condition Local DoS
55549 Solaris Kernel udp(7p) Subsystem Trusted Extensions crgetlabel Function Unspe...
55299 Solaris IP Multicast Reception Memory Exhaustion Local DoS
55233 Solaris TCP/IP Networking Stack Cassini Gigabit-Ethernet Device Driver (ce(7D...
55232 Solaris Event Port API Unspecified Race Condition Local DoS (6790056)
55231 Solaris Event Port API Unspecified Race Condition Local DoS (6736713)
55049 Solaris rpc.nisd(1M) NIS+ Server Unspecified DoS
52560 Solaris NFS Daemon sec=sys / sec=krb5 Security Mode Restriction Bypass
52535 Solaris lpadmin Print Utility Unspecified Local DoS
52507 Solaris NFSv4 Server Kernel Module hsfs(7FS) File System Handling Unspecified...
50934 Solaris Name Service Cache Daemon (nscd(1M)) Unspecified Local Privilege Esca...
50933 Solaris IP Tunnel Parameter Processing (tun(7M)) SIOCGTUNPARAM IOCTL Local Pr...
50614 Solaris OpenSSL PKCS#11 Corrupted Session Cache DoS
42017 Solaris Kernel CPU Performance Counters (cpc(3CPC)) Sub-system Race Condition...
42016 Solaris Kernel CPU Performance Counters (cpc(3CPC)) Sub-system Race Condition...
41687 Multiple Vendor dhcpd options.c cons_options Function DHCP Request Remote Ove...
40830 Solaris libdevinfo(3LIB) Login Device Permission Unspecified Local Privilege ...
40821 Solaris Remote Procedure Call kernel Module (rpcmod) Unspecified Local Race C...

ExploitDB Exploits

id Description
11351 Solaris/Open Solaris UCODE_GET_VERSION IOCTL Denial of Service
4601 Ubuntu 6.06 DHCPd bug Remote Denial of Service Exploit
2360 X11R6 <= 6.4 XKEYBOARD - Local Buffer Overflow Exploit (solaris/sparc)
2241 Solaris 10 sysinfo(2) - Local Kernel Memory Disclosure Exploit

OpenVAS Exploits

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2009-10-13 Name : Solaris Update for rpc.nisd 140918-02
File : nvt/gb_solaris_140918_02.nasl
2009-10-13 Name : Solaris Update for kernel 141414-10
File : nvt/gb_solaris_141414_10.nasl
2009-10-13 Name : Solaris Update for rpc.nisd 140917-02
File : nvt/gb_solaris_140917_02.nasl
2009-10-13 Name : Solaris Update for CDE 1.6 139620-01
File : nvt/gb_solaris_139620_01.nasl
2009-10-13 Name : Solaris Update for in.dhcpd libresolv and BIND9 114265-19
File : nvt/gb_solaris_114265_19.nasl
2009-10-13 Name : Solaris Update for in.dhcpd libresolv and BIND9 112837-20
File : nvt/gb_solaris_112837_20.nasl
2009-09-23 Name : Solaris Update for kernel 141414-02
File : nvt/gb_solaris_141414_02.nasl
2009-09-23 Name : Solaris Update for rpc.nisd 140918-01
File : nvt/gb_solaris_140918_01.nasl
2009-06-03 Name : Solaris Update for hsfs 116047-03
File : nvt/gb_solaris_116047_03.nasl
2009-06-03 Name : Solaris Update for in.dhcpd libresolv and BIND9 114265-17
File : nvt/gb_solaris_114265_17.nasl
2009-06-03 Name : Solaris Update for ata Driver 117122-03
File : nvt/gb_solaris_117122_03.nasl
2009-06-03 Name : Solaris Update for Xview 119902-01
File : nvt/gb_solaris_119902_01.nasl
2009-06-03 Name : Solaris Update for Sun Java Web Console (Lockhart) 121211-02
File : nvt/gb_solaris_121211_02.nasl
2009-06-03 Name : Solaris Update for Sun Java Web Console (Lockhart) 121212-02
File : nvt/gb_solaris_121212_02.nasl
2009-06-03 Name : Solaris Update for hsfs 121995-01
File : nvt/gb_solaris_121995_01.nasl
2009-06-03 Name : Solaris Update for librpcsvc 123396-01
File : nvt/gb_solaris_123396_01.nasl
2009-06-03 Name : Solaris Update for librpcsvc 123397-01
File : nvt/gb_solaris_123397_01.nasl
2009-06-03 Name : Solaris Update for librpcsvc 127548-01
File : nvt/gb_solaris_127548_01.nasl
2009-06-03 Name : Solaris Update for librpcsvc 127549-01
File : nvt/gb_solaris_127549_01.nasl
2009-06-03 Name : Solaris Update for usr/lib/inet/in.dhcpd 138876-01
File : nvt/gb_solaris_138876_01.nasl
2009-06-03 Name : Solaris Update for usr/lib/inet/in.dhcpd 138877-01
File : nvt/gb_solaris_138877_01.nasl
2009-06-03 Name : Solaris Update for Obsoleted by 139462-02
File : nvt/gb_solaris_139462_02.nasl
2009-06-03 Name : Solaris Update for Obsoleted by 139463-02
File : nvt/gb_solaris_139463_02.nasl
2009-06-03 Name : Solaris Update for in.dhcpd libresolv and BIND9 112837-18
File : nvt/gb_solaris_112837_18.nasl
2009-06-03 Name : Solaris Update for dhcp server and admin 109077-21
File : nvt/gb_solaris_109077_21.nasl

Information Assurance Vulnerability Management (IAVM)

id Description
2010-A-0013 Sun Solaris Trusted Extensions Missing Libraries Local Privilege Escalation V...
Severity: Category I - VMSKEY: V0022381
2009-A-0085 Multiple Vulnerabilities in Solaris Trusted Extensions Common Desktop Environ...
Severity: Category I - VMSKEY: V0021628
2009-T-0047 Sun Solaris Kernel Denial of Service Vulnerability
Severity: Category I - VMSKEY: V0019908
2008-T-0066 Sun Solaris Denial of Service Vulnerability
Severity: Category I - VMSKEY: V0017916
2007-B-0006 Sun Solaris Telnet Remote Authentication Bypass Vulnerability
Severity: Category I - VMSKEY: V0013607

Snort® IPS/IDS

Date Description
2017-08-29 Sun Solaris dhcpd malformed bootp denial of service attempt
RuleID : 43752 - Type : SERVER-OTHER - Revision : 2
2014-01-10 Oracle Solaris printd Daemon Arbitrary File Deletion attempt
RuleID : 17353 - Type : OS-SOLARIS - Revision : 12
2014-01-10 Oracle Java Web Console logging functionality format string exploit attempt
RuleID : 17109 - Type : SERVER-ORACLE - Revision : 5
2014-01-10 Oracle Java web console format string attempt
RuleID : 14615 - Type : SERVER-OTHER - Revision : 7
2014-01-10 Oracle Solaris printd arbitrary file deletion vulnerability
RuleID : 12080 - Type : OS-SOLARIS - Revision : 10
2014-01-10 Oracle Solaris lpd unlink file attempt
RuleID : 10418 - Type : OS-SOLARIS - Revision : 8
2014-01-10 Oracle Solaris login environment variable authentication bypass attempt
RuleID : 10136 - Type : OS-SOLARIS - Revision : 11

Nessus® Vulnerability Scanner

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2015-04-02 Name: The remote host is missing Sun security patch number 119060-45.
File: solaris10_x86_119060_45.nasl - Type: ACT_GATHER_INFO
2015-04-02 Name: The remote host is missing Sun security patch number 119059-46.
File: solaris10_119059_46.nasl - Type: ACT_GATHER_INFO
2013-07-03 Name: The remote host is missing Sun Security Patch number 143502-01
File: solaris10_143502.nasl - Type: ACT_GATHER_INFO
2013-07-03 Name: The remote host is missing Sun Security Patch number 143503-01
File: solaris10_x86_143503.nasl - Type: ACT_GATHER_INFO
2010-02-02 Name: The remote host is missing Sun Security Patch number 143913-01
File: solaris10_x86_143913.nasl - Type: ACT_GATHER_INFO
2009-09-23 Name: The remote host is missing Sun Security Patch number 126365-16
File: solaris10_126365.nasl - Type: ACT_GATHER_INFO
2009-09-23 Name: The remote host is missing Sun Security Patch number 139620-01
File: solaris10_139620.nasl - Type: ACT_GATHER_INFO
2009-09-23 Name: The remote host is missing Sun Security Patch number 126366-16
File: solaris10_x86_126366.nasl - Type: ACT_GATHER_INFO
2009-09-23 Name: The remote host is missing Sun Security Patch number 139621-01
File: solaris10_x86_139621.nasl - Type: ACT_GATHER_INFO
2008-01-27 Name: The remote Fedora host is missing a security update.
File: fedora_2008-0956.nasl - Type: ACT_GATHER_INFO
2008-01-27 Name: The remote Fedora host is missing a security update.
File: fedora_2008-0930.nasl - Type: ACT_GATHER_INFO
2008-01-04 Name: The remote host is missing Sun Security Patch number 128625-11
File: solaris8_x86_128625.nasl - Type: ACT_GATHER_INFO
2008-01-02 Name: The remote host is missing Sun Security Patch number 128624-11
File: solaris8_128624.nasl - Type: ACT_GATHER_INFO
2007-11-10 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-531-1.nasl - Type: ACT_GATHER_INFO
2007-11-10 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-531-2.nasl - Type: ACT_GATHER_INFO
2007-10-25 Name: The remote Red Hat host is missing a security update.
File: redhat-RHSA-2007-0970.nasl - Type: ACT_GATHER_INFO
2007-10-19 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-1388.nasl - Type: ACT_GATHER_INFO
2007-10-17 Name: The remote host is missing Sun Security Patch number 127548-01
File: solaris8_127548.nasl - Type: ACT_GATHER_INFO
2007-10-17 Name: The remote host is missing Sun Security Patch number 123397-01
File: solaris9_x86_123397.nasl - Type: ACT_GATHER_INFO
2007-10-17 Name: The remote host is missing Sun Security Patch number 127549-01
File: solaris8_x86_127549.nasl - Type: ACT_GATHER_INFO
2007-10-17 Name: The remote host is missing Sun Security Patch number 123396-01
File: solaris9_123396.nasl - Type: ACT_GATHER_INFO
2007-07-02 Name: The remote host is missing Sun Security Patch number 125279-05
File: solaris10_125279.nasl - Type: ACT_GATHER_INFO
2007-07-02 Name: The remote host is missing Sun Security Patch number 125280-05
File: solaris10_x86_125280.nasl - Type: ACT_GATHER_INFO
2007-04-23 Name: The remote web server is prone to a format string attack.
File: sun_java_web_console_format_string.nasl - Type: ACT_GATHER_INFO
2007-04-19 Name: The remote host is missing Sun Security Patch number 115298-01
File: solaris8_115298.nasl - Type: ACT_GATHER_INFO