This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Sun First view 1995-10-19
Product Solaris Last view 2008-06-16
Version 2.4 Type Os
Update *  
Edition x86  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:o:sun:solaris

Activity : Overall

Related : CVE

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
7.2 2008-06-16 CVE-2008-2710

Integer signedness error in the ip_set_srcfilter function in the IP Multicast Filter in uts/common/inet/ip/ip_multi.c in the kernel in Sun Solaris 10 and OpenSolaris before snv_92 allows local users to execute arbitrary code in other Solaris Zones via an SIOCSIPMSFILTER IOCTL request with a large value of the imsf->imsf_numsrc field, which triggers an out-of-bounds write of kernel memory. NOTE: this was reported as an integer overflow, but the root cause involves the bypass of a signed comparison.

10 2003-04-02 CVE-2003-0161

The prescan() function in the address parser (parseaddr.c) in Sendmail before 8.12.9 does not properly handle certain conversions from char and int types, which can cause a length check to be disabled when Sendmail misinterprets an input value as a special "NOCHAR" control value, allowing attackers to cause a denial of service and possibly execute arbitrary code via a buffer overflow attack using messages, a different vulnerability than CVE-2002-1337.

10 2001-12-31 CVE-2001-1583

lpd daemon (in.lpd) in Solaris 8 and earlier allows remote attackers to execute arbitrary commands via a job request with a crafted control file that is not properly handled when lpd invokes a mail program. NOTE: this might be the same vulnerability as CVE-2000-1220.

10 2001-12-12 CVE-2001-0797

Buffer overflow in login in various System V based operating systems allows remote attackers to execute arbitrary commands via a large number of arguments through services such as telnet and rlogin.

7.2 2001-03-12 CVE-2001-0115

Buffer overflow in arp command in Solaris 7 and earlier allows local users to execute arbitrary commands via a long -f parameter.

7.2 2000-06-14 CVE-2000-0471

Buffer overflow in ufsrestore in Solaris 8 and earlier allows local users to gain root privileges via a long pathname.

7.2 2000-01-06 CVE-2000-0055

Buffer overflow in Solaris chkperm command allows local users to gain root access via a long -n option.

10 1999-12-31 CVE-1999-1588

Buffer overflow in nlps_server in Sun Solaris x86 2.4, 2.5, and 2.5.1 allows remote attackers to execute arbitrary code as root via a long string beginning with "NLPS:002:002:" to the listen (aka System V listener) port, TCP port 2766.

10 1999-12-09 CVE-1999-0974

Buffer overflow in Solaris snoop allows remote attackers to gain root privileges via GETQUOTA requests to the rpc.rquotad service.

10 1999-12-07 CVE-1999-0973

Buffer overflow in Solaris snoop program allows remote attackers to gain root privileges via a long domain name when snoop is running in verbose mode.

4.6 1999-09-22 CVE-1999-0786

The dynamic linker in Solaris allows a local user to create arbitrary files via the LD_PROFILE environmental variable and a symlink attack.

7.2 1999-09-13 CVE-1999-0691

Buffer overflow in the AddSuLog function of the CDE dtaction utility allows local users to gain root privileges via a long user name.

7.5 1999-09-13 CVE-1999-0687

The ToolTalk ttsession daemon uses weak RPC authentication, which allows a remote attacker to execute commands.

7.2 1999-08-09 CVE-1999-0674

The BSD profil system call allows a local user to modify the internal data space of a program via profiling and execve.

7.2 1999-06-09 CVE-2000-0118

The Red Hat Linux su program does not log failed password guesses if the su process is killed before it times out, which allows local attackers to conduct brute force password guessing.

7.5 1999-06-07 CVE-1999-0493

rpc.statd allows remote attackers to forward RPC calls to the local operating system via the SM_MON and SM_NOTIFY commands, which in turn could be used to remotely exploit other bugs such as in automountd.

4.6 1999-02-10 CVE-1999-0370

In Sun Solaris and SunOS, man and catman contain vulnerabilities that allow overwriting arbitrary files.

7.2 1998-12-17 CVE-1999-0188

The passwd command in Solaris can be subjected to a denial of service.

7.5 1998-08-31 CVE-1999-0065

Multiple buffer overflows in how dtmail handles attachments allows a remote attacker to execute commands.

7.5 1998-07-16 CVE-1999-1432

Power management (Powermanagement) on Solaris 2.4 through 2.6 does not start the xlock process until after the sys-suspend has completed, which allows an attacker with physical access to input characters to the last active application from the keyboard for a short period after the system is restoring, which could lead to increased privileges.

5 1998-06-10 CVE-1999-0054

Sun's ftpd daemon can be subjected to a denial of service.

4.6 1998-05-21 CVE-1999-0303

Buffer overflow in BNU UUCP daemon (uucpd) through long hostnames.

7.2 1998-05-14 CVE-1999-0055

Buffer overflows in Sun libnsl allow root access.

7.2 1998-04-08 CVE-1999-0190

Solaris rpcbind can be exploited to overwrite arbitrary files and gain root access.

9.3 1998-03-01 CVE-1999-0320

SunOS rpc.cmsd allows attackers to obtain root access by overwriting arbitrary files.

CWE : Common Weakness Enumeration

%idName
100% (1) CWE-189 Numeric Errors

CAPEC : Common Attack Pattern Enumeration & Classification

id Name
CAPEC-8 Buffer Overflow in an API Call
CAPEC-9 Buffer Overflow in Local Command-Line Utilities
CAPEC-10 Buffer Overflow via Environment Variables
CAPEC-14 Client-side Injection-induced Buffer Overflow
CAPEC-24 Filter Failure through Buffer Overflow
CAPEC-42 MIME Conversion
CAPEC-44 Overflow Binary Resource File
CAPEC-45 Buffer Overflow via Symbolic Links
CAPEC-46 Overflow Variables and Tags
CAPEC-47 Buffer Overflow via Parameter Expansion
CAPEC-67 String Format Overflow in syslog()
CAPEC-92 Forced Integer Overflow
CAPEC-100 Overflow Buffers
CAPEC-123 Buffer Attacks

SAINT Exploits

Description Link
System V login argument array buffer overflow More info here

Open Source Vulnerability Database (OSVDB)

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
46193 Solaris Kernel SIOCSIPMSFILTER IOCTL Request IP Multicast Filter Local Privil...
36583 Solaris nlps_server Listen Port (System V Listener) Remote Overflow
15131 Solaris in.lpd Crafted Job Request Arbitrary Remote Command Execution
14788 IBM AIX FTP Client Pipe Character Arbitrary Command Execution
13635 Red Hat Linux su Failed Password Logging Weakness
11727 syslog Shared Libraries Remote Overflow
11723 expreserve Race Condition Arbitrary File Overwrite Privilege Escalation
11504 BNU UUCP Long Hostname Local Overflow
11492 Solaris OpenWindows sdtcm_convert Overflow
8747 SunOS rpc.cmsd Remote Arbitrary File Overwrite Privilege Escalation
8727 Solaris rpcbind Non-standard Port Assignment Filter Bypass
8726 Solaris rlogin/FTP Trust Arbitrary Command Execution
8673 Solaris chkperm -n Option Local Overflow
8672 Solaris Unprivileged User Core Dump Privilege Escalation
8670 Solaris aspppd /tmp/.asppp.fifo Symlink Privilege Escalation
8420 RPC statd Remote Overflow
8294 Sendmail NOCHAR Control Value prescan Overflow
6787 Solaris fdformat Local Overflow
5892 Solaris catman Arbitrary File Overwrite
5840 Solaris libnsl Library Multiple Overflows
5839 NFS Cache Poisoning
1720 Solaris arp File Function Local Overflow
1398 Solaris ufsrestore pathname Overflow
1159 Solaris snoop GETQUOTA Remote Overflow
1155 Solaris snoop print_domain_name Remote Overflow

ExploitDB Exploits

id Description
21180 Solaris/SPARC 2.5.1/2.6/7/8 Derived 'login' Buffer Overflow Vulnerability
716 Solaris 2.5.1/2.6/7/8 rlogin /bin/login - Buffer Overflow Exploit (SPARC)

OpenVAS Exploits

id Description
2011-09-22 Name : Calendar Manager Service rpc.cmsd Service Detection
File : nvt/gb_cde_rpc_cmsd_service_detect.nasl
2008-10-24 Name : SysV /bin/login buffer overflow (telnet)
File : nvt/binlogin_overflow_telnet.nasl
2008-01-17 Name : Debian Security Advisory DSA 278-1 (sendmail)
File : nvt/deb_278_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 278-2 (sendmail)
File : nvt/deb_278_2.nasl
2008-01-17 Name : Debian Security Advisory DSA 290-1 (sendmail-wide)
File : nvt/deb_290_1.nasl
2005-11-03 Name : Sendmail Group Permissions Vulnerability
File : nvt/sendmail_forword_include.nasl

Snort® IPS/IDS

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
Date Description
2014-01-10 portmap ttdbserv request UDP
RuleID : 588-community - Type : PROTOCOL-RPC - Revision : 27
2014-01-10 portmap ttdbserv request UDP
RuleID : 588 - Type : PROTOCOL-RPC - Revision : 27
2014-01-10 portmap amountd request UDP
RuleID : 576-community - Type : PROTOCOL-RPC - Revision : 17
2014-01-10 portmap amountd request UDP
RuleID : 576 - Type : PROTOCOL-RPC - Revision : 17
2014-01-10 Oracle Solaris LPD overflow attempt
RuleID : 3527 - Type : OS-SOLARIS - Revision : 13
2014-01-10 login buffer non-evasive overflow attempt
RuleID : 3274-community - Type : PROTOCOL-TELNET - Revision : 14
2014-01-10 login buffer non-evasive overflow attempt
RuleID : 3274 - Type : PROTOCOL-TELNET - Revision : 14
2014-01-10 login buffer overflow attempt
RuleID : 3147-community - Type : PROTOCOL-TELNET - Revision : 15
2014-01-10 login buffer overflow attempt
RuleID : 3147 - Type : PROTOCOL-TELNET - Revision : 15
2014-01-10 Oracle Solaris npls x86 overflow
RuleID : 300-community - Type : OS-SOLARIS - Revision : 13
2014-01-10 Oracle Solaris npls x86 overflow
RuleID : 300 - Type : OS-SOLARIS - Revision : 13
2014-01-10 Sendmail RCPT TO prescan too long addresses overflow
RuleID : 2270-community - Type : SERVER-MAIL - Revision : 18
2014-01-10 Sendmail RCPT TO prescan too long addresses overflow
RuleID : 2270 - Type : SERVER-MAIL - Revision : 18
2014-01-10 Sendmail MAIL FROM prescan too long addresses overflow
RuleID : 2268-community - Type : SERVER-MAIL - Revision : 16
2014-01-10 Sendmail MAIL FROM prescan too long addresses overflow
RuleID : 2268 - Type : SERVER-MAIL - Revision : 16
2014-01-10 Sendmail SOML FROM prescan too long addresses overflow
RuleID : 2266-community - Type : SERVER-MAIL - Revision : 16
2014-01-10 Sendmail SOML FROM prescan too long addresses overflow
RuleID : 2266 - Type : SERVER-MAIL - Revision : 16
2014-01-10 Sendmail SAML FROM prescan too long addresses overflow
RuleID : 2264-community - Type : SERVER-MAIL - Revision : 16
2014-01-10 Sendmail SAML FROM prescan too long addresses overflow
RuleID : 2264 - Type : SERVER-MAIL - Revision : 16
2014-01-10 Sendmail SEND FROM prescan too long addresses overflow
RuleID : 2262-community - Type : SERVER-MAIL - Revision : 16
2014-01-10 Sendmail SEND FROM prescan too long addresses overflow
RuleID : 2262 - Type : SERVER-MAIL - Revision : 16
2014-01-10 VRFY overflow attempt
RuleID : 2260-community - Type : SERVER-MAIL - Revision : 17
2014-01-10 VRFY overflow attempt
RuleID : 2260 - Type : SERVER-MAIL - Revision : 17
2014-01-10 EXPN overflow attempt
RuleID : 2259-community - Type : SERVER-MAIL - Revision : 17
2014-01-10 EXPN overflow attempt
RuleID : 2259 - Type : SERVER-MAIL - Revision : 17

Nessus® Vulnerability Scanner

id Description
2007-09-25 Name: The remote HP-UX host is missing a security-related patch.
File: hpux_PHNE_35483.nasl - Type: ACT_GATHER_INFO
2007-09-25 Name: The remote HP-UX host is missing a security-related patch.
File: hpux_PHNE_35484.nasl - Type: ACT_GATHER_INFO
2007-05-25 Name: An ONC RPC portmapper is running on the remote host.
File: rpc_portmap_port32771.nasl - Type: ACT_GATHER_INFO
2005-02-16 Name: The remote HP-UX host is missing a security-related patch.
File: hpux_PHNE_28409.nasl - Type: ACT_GATHER_INFO
2005-02-16 Name: The remote HP-UX host is missing a security-related patch.
File: hpux_PHNE_29526.nasl - Type: ACT_GATHER_INFO
2004-09-29 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-278.nasl - Type: ACT_GATHER_INFO
2004-09-29 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-290.nasl - Type: ACT_GATHER_INFO
2004-07-31 Name: The remote Mandrake Linux host is missing one or more security updates.
File: mandrake_MDKSA-2003-042.nasl - Type: ACT_GATHER_INFO
2004-07-06 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2003-121.nasl - Type: ACT_GATHER_INFO
2003-04-03 Name: The remote lpd daemon is vulnerable to arbitrary command execution.
File: solaris_lpd_env_cmd_exec.nasl - Type: ACT_DESTRUCTIVE_ATTACK
2003-03-29 Name: Arbitrary code may be run on the remote server
File: sendmail_conversion_overflow.nasl - Type: ACT_GATHER_INFO
2003-03-11 Name: The remote host has an application that is affected by local privilege escala...
File: sendmail_forword_include.nasl - Type: ACT_GATHER_INFO
2002-10-03 Name: It is possible to execute arbitrary commands on the remote host.
File: ttyprompt.nasl - Type: ACT_DESTRUCTIVE_ATTACK
2001-12-15 Name: It is possible to execute arbitrary code on the remote host.
File: binlogin_overflow_rlogin.nasl - Type: ACT_DESTRUCTIVE_ATTACK
2001-12-15 Name: It is possible to execute arbitrary code on the remote host.
File: binlogin_overflow_telnet.nasl - Type: ACT_DESTRUCTIVE_ATTACK
2000-10-27 Name: The remote name server allows recursive queries to be performed by the host r...
File: bind_query.nasl - Type: ACT_GATHER_INFO