This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor : Sun - First view : 1995-11-01
Product : Solaris - Last view : 2008-06-16
Version : 2.5 - Type : OS
Update : *
Edition : x86
Language : *
Software Edition : *
Target Software : *
Target Hardware : *
Other : *
 
CPE Product cpe:2.3:o:sun:solaris

Activity : Overall

Related : CVE

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
Score Date Alert Description
7.2 2008-06-16 CVE-2008-2710

Integer signedness error in the ip_set_srcfilter function in the IP Multicast Filter in uts/common/inet/ip/ip_multi.c in the kernel in Sun Solaris 10 and OpenSolaris before snv_92 allows local users to execute arbitrary code in other Solaris Zones via an SIOCSIPMSFILTER IOCTL request with a large value of the imsf->imsf_numsrc field, which triggers an out-of-bounds write of kernel memory. NOTE: this was reported as an integer overflow, but the root cause involves the bypass of a signed comparison.

3.6 2005-12-31 CVE-2005-4796

Unspecified vulnerability in the XView library (libxview.so) in Solaris 2.5 to 10 allows local users to corrupt files via unknown vectors related to the handling of the clipboard selection while an XView application exits.

10 2003-04-02 CVE-2003-0161

The prescan() function in the address parser (parseaddr.c) in Sendmail before 8.12.9 does not properly handle certain conversions from char and int types, which can cause a length check to be disabled when Sendmail misinterprets an input value as a special "NOCHAR" control value, allowing attackers to cause a denial of service and possibly execute arbitrary code via a buffer overflow attack using messages, a different vulnerability than CVE-2002-1337.

10 2001-12-31 CVE-2001-1583

lpd daemon (in.lpd) in Solaris 8 and earlier allows remote attackers to execute arbitrary commands via a job request with a crafted control file that is not properly handled when lpd invokes a mail program. NOTE: this might be the same vulnerability as CVE-2000-1220.

2.1 2001-12-31 CVE-2001-1503

The finger daemon (in.fingerd) in Sun Solaris 2.5 through 8 and SunOS 5.5 through 5.8 allows remote attackers to list all accounts on a host by typing finger 'a b c d e f g h'@host.

10 2001-12-12 CVE-2001-0797

Buffer overflow in login in various System V based operating systems allows remote attackers to execute arbitrary commands via a large number of arguments through services such as telnet and rlogin.

4.6 2001-08-14 CVE-2001-0565

Buffer overflow in mailx in Solaris 8 and earlier allows a local attacker to gain additional privileges via a long '-F' command line option.

7.2 2001-07-05 CVE-2001-1076

Buffer overflow in whodo in Solaris SunOS 5.5.1 through 5.8 allows local users to execute arbitrary code via a long (1) SOR or (2) CFIME environment variable.

7.2 2001-03-12 CVE-2001-0115

Buffer overflow in arp command in Solaris 7 and earlier allows local users to execute arbitrary commands via a long -f parameter.

7.2 2000-06-14 CVE-2000-0471

Buffer overflow in ufsrestore in Solaris 8 and earlier allows local users to gain root privileges via a long pathname.

7.2 2000-01-06 CVE-2000-0055

Buffer overflow in Solaris chkperm command allows local users to gain root access via a long -n option.

10 1999-12-31 CVE-1999-1588

Buffer overflow in nlps_server in Sun Solaris x86 2.4, 2.5, and 2.5.1 allows remote attackers to execute arbitrary code as root via a long string beginning with "NLPS:002:002:" to the listen (aka System V listener) port, TCP port 2766.

10 1999-12-10 CVE-1999-0977

Buffer overflow in Solaris sadmind allows remote attackers to gain root privileges using a NETMGT_PROC_SERVICE request.

10 1999-12-09 CVE-1999-0974

Buffer overflow in Solaris snoop allows remote attackers to gain root privileges via GETQUOTA requests to the rpc.rquotad service.

10 1999-12-07 CVE-1999-0973

Buffer overflow in Solaris snoop program allows remote attackers to gain root privileges via a long domain name when snoop is running in verbose mode.

4.6 1999-09-22 CVE-1999-0786

The dynamic linker in Solaris allows a local user to create arbitrary files via the LD_PROFILE environmental variable and a symlink attack.

7.2 1999-09-13 CVE-1999-0689

The CDE dtspcd daemon allows local users to execute arbitrary commands via a symlink attack.

7.5 1999-09-13 CVE-1999-0687

The ToolTalk ttsession daemon uses weak RPC authentication, which allows a remote attacker to execute commands.

4.6 1999-08-09 CVE-1999-0676

sdtcm_convert in Solaris 2.6 allows a local user to overwrite sensitive files via a symlink attack.

7.2 1999-08-09 CVE-1999-0674

The BSD profil system call allows a local user to modify the internal data space of a program via profiling and execve.

10 1999-07-01 CVE-1999-0696

Buffer overflow in CDE Calendar Manager Service Daemon (rpc.cmsd).

7.5 1999-06-07 CVE-1999-0493

rpc.statd allows remote attackers to forward RPC calls to the local operating system via the SM_MON and SM_NOTIFY commands, which in turn could be used to remotely exploit other bugs such as in automountd.

2.1 1999-01-07 CVE-1999-0442

Solaris ff.core allows local users to modify files.

7.2 1998-12-17 CVE-1999-0188

The passwd command in Solaris can be subjected to a denial of service.

7.2 1998-12-12 CVE-1999-0139

Buffer overflow in Solaris x86 mkcookie allows local users to obtain root access.

CWE : Common Weakness Enumeration

% id Name
100% (1) CWE-189 Numeric Errors

CAPEC : Common Attack Pattern Enumeration & Classification

id Name
CAPEC-8 Buffer Overflow in an API Call
CAPEC-9 Buffer Overflow in Local Command-Line Utilities
CAPEC-10 Buffer Overflow via Environment Variables
CAPEC-14 Client-side Injection-induced Buffer Overflow
CAPEC-24 Filter Failure through Buffer Overflow
CAPEC-42 MIME Conversion
CAPEC-44 Overflow Binary Resource File
CAPEC-45 Buffer Overflow via Symbolic Links
CAPEC-46 Overflow Variables and Tags
CAPEC-47 Buffer Overflow via Parameter Expansion
CAPEC-67 String Format Overflow in syslog()
CAPEC-92 Forced Integer Overflow
CAPEC-100 Overflow Buffers
CAPEC-123 Buffer Attacks

SAINT Exploits

Description
System V login argument array buffer overflow

Open Source Vulnerability Database (OSVDB)

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
id Description
46193 Solaris Kernel SIOCSIPMSFILTER IOCTL Request IP Multicast Filter Local Privil...
36583 Solaris nlps_server Listen Port (System V Listener) Remote Overflow
18809 Solaris XView Text Clipboard Arbitrary File Corruption
15131 Solaris in.lpd Crafted Job Request Arbitrary Remote Command Execution
14788 IBM AIX FTP Client Pipe Character Arbitrary Command Execution
11504 BNU UUCP Long Hostname Local Overflow
11492 Solaris OpenWindows sdtcm_convert Overflow
8747 SunOS rpc.cmsd Remote Arbitrary File Overwrite Privilege Escalation
8727 Solaris rpcbind Non-standard Port Assignment Filter Bypass
8726 Solaris rlogin/FTP Trust Arbitrary Command Execution
8697 Solaris whodo Multiple Variable Local Overflow
8673 Solaris chkperm -n Option Local Overflow
8670 Solaris aspppd /tmp/.asppp.fifo Symlink Privilege Escalation
8420 RPC statd Remote Overflow
8294 Sendmail NOCHAR Control Value prescan Overflow
8205 Solaris x86 mkcookie Privilege Escalation Overflow
7404 CDE Calendar Manager Service Daemon (rpc.cmsd) Overflow
6787 Solaris fdformat Local Overflow
5856 X Windows Magic Cookie Prediction Command Execution
5840 Solaris libnsl Library Multiple Overflows
2558 Solaris sadmind amsl_verify() Remote Overflow
1788 Multiple Vendor mailx -F Command Line Overflow
1720 Solaris arp File Function Local Overflow
1398 Solaris ufsrestore pathname Overflow
1159 Solaris snoop GETQUOTA Remote Overflow

ExploitDB Exploits

id Description
21180 Solaris/SPARC 2.5.1/2.6/7/8 Derived 'login' Buffer Overflow Vulnerability
716 Solaris 2.5.1/2.6/7/8 rlogin /bin/login - Buffer Overflow Exploit (SPARC)

OpenVAS Exploits

Date Description
2011-09-22 Name : Calendar Manager Service rpc.cmsd Service Detection
File : nvt/gb_cde_rpc_cmsd_service_detect.nasl
2009-06-03 Name : Solaris Update for /usr/bin/mailx 110957-02
File : nvt/gb_solaris_110957_02.nasl
2009-06-03 Name : Solaris Update for in.fingerd 111232-01
File : nvt/gb_solaris_111232_01.nasl
2009-06-03 Name : Solaris Update for OpenWindows 3.6.2 111626-04
File : nvt/gb_solaris_111626_04.nasl
2009-06-03 Name : Solaris Update for Xview 111627-03
File : nvt/gb_solaris_111627_03.nasl
2009-06-03 Name : Solaris Update for Xview 119902-01
File : nvt/gb_solaris_119902_01.nasl
2008-10-24 Name : SysV /bin/login buffer overflow (telnet)
File : nvt/binlogin_overflow_telnet.nasl
2008-01-17 Name : Debian Security Advisory DSA 278-1 (sendmail)
File : nvt/deb_278_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 278-2 (sendmail)
File : nvt/deb_278_2.nasl
2008-01-17 Name : Debian Security Advisory DSA 290-1 (sendmail-wide)
File : nvt/deb_290_1.nasl
2005-11-03 Name : Sendmail Group Permissions Vulnerability
File : nvt/sendmail_forword_include.nasl

Snort® IPS/IDS

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
Date Description
2014-01-10 portmap ttdbserv request UDP
RuleID : 588-community - Type : PROTOCOL-RPC - Revision : 27
2014-01-10 portmap ttdbserv request UDP
RuleID : 588 - Type : PROTOCOL-RPC - Revision : 27
2014-01-10 portmap amountd request UDP
RuleID : 576-community - Type : PROTOCOL-RPC - Revision : 17
2014-01-10 portmap amountd request UDP
RuleID : 576 - Type : PROTOCOL-RPC - Revision : 17
2014-01-10 Oracle Solaris LPD overflow attempt
RuleID : 3527 - Type : OS-SOLARIS - Revision : 13
2014-01-10 login buffer non-evasive overflow attempt
RuleID : 3274-community - Type : PROTOCOL-TELNET - Revision : 14
2014-01-10 login buffer non-evasive overflow attempt
RuleID : 3274 - Type : PROTOCOL-TELNET - Revision : 14
2014-01-10 UDP inverse query overflow
RuleID : 3154-community - Type : PROTOCOL-DNS - Revision : 12
2014-01-10 UDP inverse query overflow
RuleID : 3154 - Type : PROTOCOL-DNS - Revision : 12
2014-01-10 TCP inverse query overflow
RuleID : 3153-community - Type : PROTOCOL-DNS - Revision : 9
2014-01-10 TCP inverse query overflow
RuleID : 3153 - Type : PROTOCOL-DNS - Revision : 9
2014-01-10 login buffer overflow attempt
RuleID : 3147-community - Type : PROTOCOL-TELNET - Revision : 15
2014-01-10 login buffer overflow attempt
RuleID : 3147 - Type : PROTOCOL-TELNET - Revision : 15
2014-01-10 Oracle Solaris npls x86 overflow
RuleID : 300-community - Type : OS-SOLARIS - Revision : 13
2014-01-10 Oracle Solaris npls x86 overflow
RuleID : 300 - Type : OS-SOLARIS - Revision : 13
2014-01-10 Sendmail RCPT TO prescan too long addresses overflow
RuleID : 2270-community - Type : SERVER-MAIL - Revision : 18
2014-01-10 Sendmail RCPT TO prescan too long addresses overflow
RuleID : 2270 - Type : SERVER-MAIL - Revision : 18
2014-01-10 Sendmail MAIL FROM prescan too long addresses overflow
RuleID : 2268-community - Type : SERVER-MAIL - Revision : 16
2014-01-10 Sendmail MAIL FROM prescan too long addresses overflow
RuleID : 2268 - Type : SERVER-MAIL - Revision : 16
2014-01-10 Sendmail SOML FROM prescan too long addresses overflow
RuleID : 2266-community - Type : SERVER-MAIL - Revision : 16
2014-01-10 Sendmail SOML FROM prescan too long addresses overflow
RuleID : 2266 - Type : SERVER-MAIL - Revision : 16
2014-01-10 Sendmail SAML FROM prescan too long addresses overflow
RuleID : 2264-community - Type : SERVER-MAIL - Revision : 16
2014-01-10 Sendmail SAML FROM prescan too long addresses overflow
RuleID : 2264 - Type : SERVER-MAIL - Revision : 16
2014-01-10 Sendmail SEND FROM prescan too long addresses overflow
RuleID : 2262-community - Type : SERVER-MAIL - Revision : 16
2014-01-10 Sendmail SEND FROM prescan too long addresses overflow
RuleID : 2262 - Type : SERVER-MAIL - Revision : 16

Nessus® Vulnerability Scanner

Date Description
2007-09-25 Name: The remote HP-UX host is missing a security-related patch.
File: hpux_PHNE_35483.nasl - Type: ACT_GATHER_INFO
2007-09-25 Name: The remote HP-UX host is missing a security-related patch.
File: hpux_PHNE_35484.nasl - Type: ACT_GATHER_INFO
2007-05-25 Name: An ONC RPC portmapper is running on the remote host.
File: rpc_portmap_port32771.nasl - Type: ACT_GATHER_INFO
2005-08-18 Name: The remote host is missing Sun Security Patch number 119902-01
File: solaris9_x86_119902.nasl - Type: ACT_GATHER_INFO
2005-08-18 Name: The remote host is missing Sun Security Patch number 112811-02
File: solaris9_112811.nasl - Type: ACT_GATHER_INFO
2005-08-02 Name: The remote host is missing Sun Security Patch number 119904-02
File: solaris10_x86_119904.nasl - Type: ACT_GATHER_INFO
2005-08-02 Name: The remote host is missing Sun Security Patch number 119903-02
File: solaris10_119903.nasl - Type: ACT_GATHER_INFO
2005-02-16 Name: The remote HP-UX host is missing a security-related patch.
File: hpux_PHNE_12957.nasl - Type: ACT_GATHER_INFO
2005-02-16 Name: The remote HP-UX host is missing a security-related patch.
File: hpux_PHNE_28409.nasl - Type: ACT_GATHER_INFO
2005-02-16 Name: The remote HP-UX host is missing a security-related patch.
File: hpux_PHNE_29526.nasl - Type: ACT_GATHER_INFO
2004-09-29 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-278.nasl - Type: ACT_GATHER_INFO
2004-09-29 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-290.nasl - Type: ACT_GATHER_INFO
2004-07-31 Name: The remote Mandrake Linux host is missing one or more security updates.
File: mandrake_MDKSA-2003-042.nasl - Type: ACT_GATHER_INFO
2004-07-12 Name: The remote host is missing Sun Security Patch number 111626-04
File: solaris8_111626.nasl - Type: ACT_GATHER_INFO
2004-07-12 Name: The remote host is missing Sun Security Patch number 111627-03
File: solaris8_x86_111627.nasl - Type: ACT_GATHER_INFO
2004-07-06 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2003-121.nasl - Type: ACT_GATHER_INFO
2003-04-03 Name: The remote lpd daemon is vulnerable to arbitrary command execution.
File: solaris_lpd_env_cmd_exec.nasl - Type: ACT_DESTRUCTIVE_ATTACK
2003-03-29 Name: Arbitrary code may be run on the remote server
File: sendmail_conversion_overflow.nasl - Type: ACT_GATHER_INFO
2003-03-11 Name: The remote host has an application that is affected by local privilege escala...
File: sendmail_forword_include.nasl - Type: ACT_GATHER_INFO
2002-10-03 Name: It is possible to execute arbitrary commands on the remote host.
File: ttyprompt.nasl - Type: ACT_DESTRUCTIVE_ATTACK
2002-04-02 Name: It is possible to use the remote name server to break into the remote host.
File: bind_iquery.nasl - Type: ACT_GATHER_INFO
2001-12-15 Name: It is possible to execute arbitrary code on the remote host.
File: binlogin_overflow_telnet.nasl - Type: ACT_DESTRUCTIVE_ATTACK
2001-12-15 Name: It is possible to execute arbitrary code on the remote host.
File: binlogin_overflow_rlogin.nasl - Type: ACT_DESTRUCTIVE_ATTACK
2001-10-22 Name: The remote finger service has an information disclosure vulnerability.
File: finger_solaris_disclosure.nasl - Type: ACT_GATHER_INFO
2000-10-27 Name: The remote name server allows recursive queries to be performed by the host r...
File: bind_query.nasl - Type: ACT_GATHER_INFO