This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor : Sun
Product : Solaris
Version : 2.5.1
Type : Os
Update : *
Edition : ppc
Language : *
Software Edition : *
Target Software : *
Target Hardware : *
Other : *
First view : 1996-07-25
Last view : 2008-06-16
 
CPE Product cpe:2.3:o:sun:solaris

Related : CVE

This CPE has more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
CVSS Date Alert Description
7.2 2008-06-16 CVE-2008-2710

Integer signedness error in the ip_set_srcfilter function in the IP Multicast Filter in uts/common/inet/ip/ip_multi.c in the kernel in Sun Solaris 10 and OpenSolaris before snv_92 allows local users to execute arbitrary code in other Solaris Zones via an SIOCSIPMSFILTER IOCTL request with a large value of the imsf->imsf_numsrc field, which triggers an out-of-bounds write of kernel memory. NOTE: this was reported as an integer overflow, but the root cause involves the bypass of a signed comparison.

10 2003-05-05 CVE-2003-0201

Buffer overflow in the call_trans2open function in trans2.c for Samba 2.2.x before 2.2.8a, 2.0.10 and earlier 2.0.x versions, and Samba-TNG before 0.3.2, allows remote attackers to execute arbitrary code.

10 2003-05-05 CVE-2003-0196

Multiple buffer overflows in Samba before 2.2.8a may allow remote attackers to execute arbitrary code or cause a denial of service, as discovered by the Samba team and a different vulnerability than CVE-2003-0201.

10 2003-04-02 CVE-2003-0161

The prescan() function in the address parser (parseaddr.c) in Sendmail before 8.12.9 does not properly handle certain conversions from char and int types, which can cause a length check to be disabled when Sendmail misinterprets an input value as a special "NOCHAR" control value, allowing attackers to cause a denial of service and possibly execute arbitrary code via a buffer overflow attack using messages, a different vulnerability than CVE-2002-1337.

7.5 2002-12-11 CVE-2002-1317

Buffer overflow in Dispatch() routine for XFS font server (fs.auto) on Solaris 2.5.1 through 9 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a certain XFS query.

10 2001-12-12 CVE-2001-0797

Buffer overflow in login in various System V based operating systems allows remote attackers to execute arbitrary commands via a large number of arguments through services such as telnet and rlogin.

7.2 2000-06-14 CVE-2000-0471

Buffer overflow in ufsrestore in Solaris 8 and earlier allows local users to gain root privileges via a long pathname.

7.2 2000-01-06 CVE-2000-0055

Buffer overflow in Solaris chkperm command allows local users to gain root access via a long -n option.

10 1999-12-10 CVE-1999-0977

Buffer overflow in Solaris sadmind allows remote attackers to gain root privileges using a NETMGT_PROC_SERVICE request.

10 1999-12-09 CVE-1999-0974

Buffer overflow in Solaris snoop allows remote attackers to gain root privileges via GETQUOTA requests to the rpc.rquotad service.

2.1 1999-12-01 CVE-1999-0860

Solaris chkperm allows local users to read files owned by bin via the VMSYS environmental variable and a symlink attack.

2.1 1999-12-01 CVE-1999-0859

Solaris arp allows local users to read files via the -f parameter, which lists lines in the file that do not parse properly.

7.2 1998-08-01 CVE-1999-0339

Buffer overflow in the libauth library in Solaris allows local users to gain additional privileges, possibly root access.

7.5 1998-07-16 CVE-1999-1432

Power management (Powermanagement) on Solaris 2.4 through 2.6 does not start the xlock process until after the sys-suspend has completed, which allows an attacker with physical access to input characters to the last active application from the keyboard for a short period after the system is restoring, which could lead to increased privileges.

5 1998-06-10 CVE-1999-0054

Sun's ftpd daemon can be subjected to a denial of service.

7.2 1998-05-14 CVE-1999-0055

Buffer overflows in Sun libnsl allow root access.

10 1998-04-08 CVE-1999-0009

Inverse query buffer overflow in BIND 4.9 and BIND 8 Releases.

4.6 1998-01-25 CVE-1999-0125

Buffer overflow in SGI IRIX mailx program.

5 1998-01-05 CVE-1999-0513

ICMP messages to broadcast addresses are allowed, allowing for a Smurf attack that can cause a denial of service.

10 1997-10-29 CVE-1999-0097

The AIX FTP client can be forced to execute commands from a malicious server through shell metacharacters (e.g. a pipe character).

7.2 1997-10-01 CVE-1999-0295

Solaris sysdef command allows local users to read kernel memory, potentially leading to root privileges.

2.1 1997-06-26 CVE-1999-1423

ping in Solaris 2.3 through 2.6 allows local users to cause a denial of service (crash) via a ping request to a multicast address through the loopback interface, e.g. via ping -i.

2.1 1997-05-17 CVE-1999-1402

The access permissions for a UNIX domain socket are ignored in Solaris 2.x and SunOS 4.x, and other BSD-based operating systems before 4.4, which could allow local users to connect to the socket and possibly disrupt or control the operations of the program using that socket.

7.2 1997-04-26 CVE-1999-0038

Buffer overflow in xlock program allows local users to execute commands as root.

7.2 1997-02-10 CVE-1999-0109

Buffer overflow in ffbconfig in Solaris 2.5.1.

CWE : Common Weakness Enumeration

% id Name
100% (1) CWE-189 Numeric Errors

CAPEC : Common Attack Pattern Enumeration & Classification

id Name
CAPEC-8 Buffer Overflow in an API Call
CAPEC-9 Buffer Overflow in Local Command-Line Utilities
CAPEC-10 Buffer Overflow via Environment Variables
CAPEC-14 Client-side Injection-induced Buffer Overflow
CAPEC-24 Filter Failure through Buffer Overflow
CAPEC-42 MIME Conversion
CAPEC-44 Overflow Binary Resource File
CAPEC-45 Buffer Overflow via Symbolic Links
CAPEC-46 Overflow Variables and Tags
CAPEC-47 Buffer Overflow via Parameter Expansion
CAPEC-67 String Format Overflow in syslog()
CAPEC-92 Forced Integer Overflow
CAPEC-100 Overflow Buffers
CAPEC-123 Buffer Attacks

SAINT Exploits

Description
Samba call_trans2open buffer overflow
System V login argument array buffer overflow

Open Source Vulnerability Database (OSVDB)

This CPE has more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
46193 Solaris Kernel SIOCSIPMSFILTER IOCTL Request IP Multicast Filter Local Privil...
15140 Solaris fs.auto XFS Font Server Crafted XFS Query Remote Overflow
14788 IBM AIX FTP Client Pipe Character Arbitrary Command Execution
13397 Samba Multiple Unspecified Overflows
8673 Solaris chkperm -n Option Local Overflow
8294 Sendmail NOCHAR Control Value prescan Overflow
6994 Solaris chkperm VMSYS Environmental Variable Symlink Arbitrary File Disclosure
5840 Solaris libnsl Library Multiple Overflows
4469 Samba trans2.c call_trans2open() Function Overflow
2558 Solaris sadmind amsl_verify() Remote Overflow
1398 Solaris ufsrestore pathname Overflow
1159 Solaris snoop GETQUOTA Remote Overflow
1148 Solaris arp -f Option Arbitrary File Disclosure
1107 Solaris in.ftpd Remote DoS
1006 Multiple Vendor Unix Domain Socket
1000 Solaris libauth Local Overflow
991 Multiple Vendor mailx Local Overflow
964 Solaris admintool Insecure Temporary File Creation
951 Multiple Vendor rlogin TERM Variable Overflow
950 Solaris sysdef Memory Access Information Disclosure
941 Multiple Vendor xlock Local Overflow
935 Solaris Multicast Address ping -i DoS
932 Solaris ffbconfig Local Overflow
921 Solaris Powermanagement xlock Privilege Escalation
916 Multiple Vendor ICMP Broadcast Flood DoS (smurf)

ExploitDB Exploits

id Description
21180 Solaris/SPARC 2.5.1/2.6/7/8 Derived 'login' Buffer Overflow Vulnerability
716 Solaris 2.5.1/2.6/7/8 rlogin /bin/login - Buffer Overflow Exploit (SPARC)

OpenVAS Exploits

Date Description
2008-10-24 Name : SysV /bin/login buffer overflow (telnet)
File : nvt/binlogin_overflow_telnet.nasl
2008-01-17 Name : Debian Security Advisory DSA 278-1 (sendmail)
File : nvt/deb_278_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 278-2 (sendmail)
File : nvt/deb_278_2.nasl
2008-01-17 Name : Debian Security Advisory DSA 280-1 (samba)
File : nvt/deb_280_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 290-1 (sendmail-wide)
File : nvt/deb_290_1.nasl

Snort® IPS/IDS

This CPE has more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
Date Description
2014-01-10 login buffer non-evasive overflow attempt
RuleID : 3274-community - Type : PROTOCOL-TELNET - Revision : 14
2014-01-10 login buffer non-evasive overflow attempt
RuleID : 3274 - Type : PROTOCOL-TELNET - Revision : 14
2014-01-10 UDP inverse query overflow
RuleID : 3154-community - Type : PROTOCOL-DNS - Revision : 12
2014-01-10 UDP inverse query overflow
RuleID : 3154 - Type : PROTOCOL-DNS - Revision : 12
2014-01-10 TCP inverse query overflow
RuleID : 3153-community - Type : PROTOCOL-DNS - Revision : 9
2014-01-10 TCP inverse query overflow
RuleID : 3153 - Type : PROTOCOL-DNS - Revision : 9
2014-01-10 login buffer overflow attempt
RuleID : 3147-community - Type : PROTOCOL-TELNET - Revision : 15
2014-01-10 login buffer overflow attempt
RuleID : 3147 - Type : PROTOCOL-TELNET - Revision : 15
2014-01-10 Sendmail RCPT TO prescan too long addresses overflow
RuleID : 2270-community - Type : SERVER-MAIL - Revision : 18
2014-01-10 Sendmail RCPT TO prescan too long addresses overflow
RuleID : 2270 - Type : SERVER-MAIL - Revision : 18
2014-01-10 Sendmail MAIL FROM prescan too long addresses overflow
RuleID : 2268-community - Type : SERVER-MAIL - Revision : 16
2014-01-10 Sendmail MAIL FROM prescan too long addresses overflow
RuleID : 2268 - Type : SERVER-MAIL - Revision : 16
2014-01-10 Sendmail SOML FROM prescan too long addresses overflow
RuleID : 2266-community - Type : SERVER-MAIL - Revision : 16
2014-01-10 Sendmail SOML FROM prescan too long addresses overflow
RuleID : 2266 - Type : SERVER-MAIL - Revision : 16
2014-01-10 Sendmail SAML FROM prescan too long addresses overflow
RuleID : 2264-community - Type : SERVER-MAIL - Revision : 16
2014-01-10 Sendmail SAML FROM prescan too long addresses overflow
RuleID : 2264 - Type : SERVER-MAIL - Revision : 16
2014-01-10 Sendmail SEND FROM prescan too long addresses overflow
RuleID : 2262-community - Type : SERVER-MAIL - Revision : 16
2014-01-10 Sendmail SEND FROM prescan too long addresses overflow
RuleID : 2262 - Type : SERVER-MAIL - Revision : 16
2014-01-10 VRFY overflow attempt
RuleID : 2260-community - Type : SERVER-MAIL - Revision : 17
2014-01-10 VRFY overflow attempt
RuleID : 2260 - Type : SERVER-MAIL - Revision : 17
2014-01-10 EXPN overflow attempt
RuleID : 2259-community - Type : SERVER-MAIL - Revision : 17
2014-01-10 EXPN overflow attempt
RuleID : 2259 - Type : SERVER-MAIL - Revision : 17
2014-01-10 Sendmail Content-Transfer-Encoding overflow attempt
RuleID : 2183-community - Type : SERVER-MAIL - Revision : 16
2014-01-10 Sendmail Content-Transfer-Encoding overflow attempt
RuleID : 2183 - Type : SERVER-MAIL - Revision : 16
2014-01-10 SMB Trans2 OPEN2 unicode maximum param count overflow attempt
RuleID : 2103-community - Type : NETBIOS - Revision : 16

Nessus® Vulnerability Scanner

Date Description
2007-09-25 Name: The remote HP-UX host is missing a security-related patch.
File: hpux_PHNE_35483.nasl - Type: ACT_GATHER_INFO
2007-09-25 Name: The remote HP-UX host is missing a security-related patch.
File: hpux_PHNE_35484.nasl - Type: ACT_GATHER_INFO
2005-02-16 Name: The remote HP-UX host is missing a security-related patch.
File: hpux_PHNE_12957.nasl - Type: ACT_GATHER_INFO
2005-02-16 Name: The remote HP-UX host is missing a security-related patch.
File: hpux_PHNE_28409.nasl - Type: ACT_GATHER_INFO
2005-02-16 Name: The remote HP-UX host is missing a security-related patch.
File: hpux_PHNE_29526.nasl - Type: ACT_GATHER_INFO
2004-09-29 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-278.nasl - Type: ACT_GATHER_INFO
2004-09-29 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-280.nasl - Type: ACT_GATHER_INFO
2004-09-29 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-290.nasl - Type: ACT_GATHER_INFO
2004-07-31 Name: The remote Mandrake Linux host is missing one or more security updates.
File: mandrake_MDKSA-2003-042.nasl - Type: ACT_GATHER_INFO
2004-07-31 Name: The remote Mandrake Linux host is missing one or more security updates.
File: mandrake_MDKSA-2003-044.nasl - Type: ACT_GATHER_INFO
2004-07-25 Name: The remote host is missing a vendor-supplied security patch.
File: suse_SA_2003_025.nasl - Type: ACT_GATHER_INFO
2004-07-06 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2003-121.nasl - Type: ACT_GATHER_INFO
2004-07-06 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2003-138.nasl - Type: ACT_GATHER_INFO
2003-04-07 Name: Arbitrary code may be run on the remote server.
File: samba_trans2open_overflow.nasl - Type: ACT_ATTACK
2003-03-29 Name: Arbitrary code may be run on the remote server
File: sendmail_conversion_overflow.nasl - Type: ACT_GATHER_INFO
2002-12-04 Name: The remote font service is affected by a buffer overflow.
File: xfs_overflow.nasl - Type: ACT_MIXED_ATTACK
2002-10-03 Name: It is possible to execute arbitrary commands on the remote host.
File: ttyprompt.nasl - Type: ACT_DESTRUCTIVE_ATTACK
2002-04-02 Name: It is possible to use the remote name server to break into the remote host.
File: bind_iquery.nasl - Type: ACT_GATHER_INFO
2001-12-15 Name: It is possible to execute arbitrary code on the remote host.
File: binlogin_overflow_telnet.nasl - Type: ACT_DESTRUCTIVE_ATTACK
2001-12-15 Name: It is possible to execute arbitrary code on the remote host.
File: binlogin_overflow_rlogin.nasl - Type: ACT_DESTRUCTIVE_ATTACK