This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor : Sun
Product : Solaris
Version : 7.0
Update : *
Edition : x86
Language : *
Software Edition : *
Target Software : *
Target Hardware : *
Other : *
Type : Os
First view : 1995-11-01
Last view : 2008-06-16

CPE Product : cpe:2.3:o:sun:solaris

Related : CVE

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
CVSS Date Alert Description
7.2 2008-06-16 CVE-2008-2710

Integer signedness error in the ip_set_srcfilter function in the IP Multicast Filter in uts/common/inet/ip/ip_multi.c in the kernel in Sun Solaris 10 and OpenSolaris before snv_92 allows local users to execute arbitrary code in other Solaris Zones via an SIOCSIPMSFILTER IOCTL request with a large value of the imsf->imsf_numsrc field, which triggers an out-of-bounds write of kernel memory. NOTE: this was reported as an integer overflow, but the root cause involves the bypass of a signed comparison.

5 2005-12-31 CVE-2005-4797

Directory traversal vulnerability in printd line printer daemon (lpd) in Solaris 7 through 10 allows remote attackers to delete arbitrary files via ".." sequences in an "Unlink data file" command.

3.6 2005-12-31 CVE-2005-4796

Unspecified vulnerability in the XView library (libxview.so) in Solaris 2.5 to 10 allows local users to corrupt files via unknown vectors related to the handling of the clipboard selection while an XView application exits.

2.1 2005-06-16 CVE-2005-2032

Unknown vulnerability in lpadmin on Sun Solaris 7, 8, and 9 allows local users to overwrite arbitrary files.

5 2005-05-16 CVE-2005-1591

Unknown vulnerability in NIS+ on Solaris 7, 8, and 9 allows remote attackers to cause a denial of service (rpc.nisd disabled and NIS+ unavailable) via unknown vectors.

2.1 2005-05-11 CVE-2005-1518

Unknown vulnerability in Solaris 7 through 9, when using Federated Naming Services (FNS), autofs, and FNS X.500 configuration, allows local users to cause a denial of service (automountd crash) when "accessing" /xfn/_x500.

7.2 2005-05-02 CVE-2005-0816

Buffer overflow in newgrp in Solaris 7 through 9 allows local users to gain root privileges.

5.6 2005-03-05 CVE-2005-0109

Hyper-Threading technology, as used in FreeBSD and other operating systems that are run on Intel Pentium and other processors, allows local users to use a malicious thread to create covert channels, monitor the execution of other threads, and obtain sensitive information such as cryptographic keys, via a timing attack on memory cache misses.

7.2 2004-12-31 CVE-2004-2686

Directory traversal vulnerability in the vfs_getvfssw function in Solaris 2.6, 7, 8, and 9 allows local users to load arbitrary kernel modules via crafted (1) mount or (2) sysfs system calls. NOTE: this might be the same issue as CVE-2004-1767, but there are insufficient details to be sure.

4.6 2004-12-31 CVE-2004-2306

Sun Solaris 7 through 9, when Basic Security Module (BSM) is enabled and the SUNWscpu package has been removed as a result of security hardening, disables mail alerts from the audit_warn script, which might allow attackers to escape detection.

7.2 2004-12-31 CVE-2004-1767

The kernel in Solaris 2.6, 7, 8, and 9 allows local users to gain privileges by loading arbitrary loadable kernel modules (LKM), possibly involving the modload function.

7.5 2004-12-21 CVE-2004-1307

Integer overflow in the TIFFFetchStripThing function in tif_dirread.c for libtiff 3.6.1 allows remote attackers to execute arbitrary code via a TIFF file with the STRIPOFFSETS flag and a large number of strips, which causes a zero byte buffer to be allocated and leads to a heap-based buffer overflow.

10 2004-12-07 CVE-2004-1351

Unknown vulnerability in the rwho daemon (in.rwhod) for Solaris 7 through 9 allows remote attackers to execute arbitrary code.

7.2 2004-12-01 CVE-2004-1352

Buffer overflow in the ping daemon of Sun Solaris 7 through 9 may allow local users to execute arbitrary code.

2.1 2004-08-06 CVE-2004-0654

Unknown vulnerability in the Basic Security Module (BSM), when configured to audit either the Administrative (ad) or the System-Wide Administration (as) audit class in Solaris 7, 8, and 9, allows local users to cause a denial of service (kernel panic).

4.6 2004-03-04 CVE-2004-1359

Multiple buffer overflows in uucp for Sun Solaris 2.6, 7, 8, and 9 allow local users to execute arbitrary code as the uucp user.

7.2 2004-01-05 CVE-2003-0999

Unknown multiple vulnerabilities in (1) lpstat and (2) the libprint library in Solaris 2.6 through 9 may allow attackers to execute arbitrary code or read or write arbitrary files.

7.2 2003-12-31 CVE-2003-1082

Buffer overflow in utmp_update for Solaris 2.6 through 9 allows local users to gain root privileges, as identified by Sun BugID 4705891, a different vulnerability than CVE-2003-1068.

7.2 2003-12-31 CVE-2003-1076

Unknown vulnerability in sendmail for Solaris 7, 8, and 9 allows local users to cause a denial of service (unknown impact) and possibly gain privileges via certain constructs in a .forward file.

1.2 2003-12-31 CVE-2003-1073

A race condition in the at command for Solaris 2.6 through 9 allows local users to delete arbitrary files via the -r argument with .. (dot dot) sequences in the job name, then modifying the directory structure after at checks permissions to delete the file and before the deletion actually takes place.

5 2003-12-31 CVE-2003-1066

Buffer overflow in the syslog daemon for Solaris 2.6 through 9 allows remote attackers to cause a denial of service (syslogd crash) and possibly execute arbitrary code via long syslog UDP packets.

4.3 2003-12-15 CVE-2003-0914

ISC BIND 8.3.x before 8.3.7, and 8.4.x before 8.4.3, allows remote attackers to poison the cache via a malicious name server that returns negative responses with a large TTL (time-to-live) value.

7.2 2003-12-11 CVE-2003-1056

The ed editor for Sun Solaris 2.6, 7, and 8 allows local users to create or overwrite arbitrary files via a symlink attack on temporary files.

7.2 2003-12-08 CVE-2003-1057

Unknown vulnerability in CDE Print Viewer (dtprintinfo) for Sun Solaris 2.6 through 9 may allow local users to execute arbitrary code.

3.7 2003-12-03 CVE-2003-1058

The Xsun server for Sun Solaris 2.6 through 9, when running in Direct Graphics Access (DGA) mode, allows local users to cause a denial of service (Xsun crash) or to create or overwrite arbitrary files on the system, probably via a symlink attack on temporary server files.

CWE : Common Weakness Enumeration

% id Name
33% (1) CWE-264 Permissions, Privileges, and Access Controls
33% (1) CWE-189 Numeric Errors
33% (1) CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path ...

CAPEC : Common Attack Pattern Enumeration & Classification

id Name
CAPEC-8 Buffer Overflow in an API Call
CAPEC-9 Buffer Overflow in Local Command-Line Utilities
CAPEC-10 Buffer Overflow via Environment Variables
CAPEC-14 Client-side Injection-induced Buffer Overflow
CAPEC-24 Filter Failure through Buffer Overflow
CAPEC-42 MIME Conversion
CAPEC-44 Overflow Binary Resource File
CAPEC-45 Buffer Overflow via Symbolic Links
CAPEC-46 Overflow Variables and Tags
CAPEC-47 Buffer Overflow via Parameter Expansion
CAPEC-67 String Format Overflow in syslog()
CAPEC-92 Forced Integer Overflow
CAPEC-100 Overflow Buffers
CAPEC-123 Buffer Attacks

SAINT Exploits

Description
cachefsd heap overflow
Samba call_trans2open buffer overflow
Solaris loadable kernel module directory traversal
System V login argument array buffer overflow
snmpXdmid buffer overflow

Open Source Vulnerability Database (OSVDB)

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
id Description
60454 dtterm Window Title Escape Sequence Arbitrary Command Execution
60301 Solaris vfs_getvfssw Function Traversal Arbitrary Kernel Module Loading Privi...
60103 Solaris Serial Console Terminal Unspecified Local Information Disclosure
60003 Solaris Volume Manager Daemon (vold) Unspecified Local Overflow
59830 Solaris utmp_update Function Local Overflow
46193 Solaris Kernel SIOCSIPMSFILTER IOCTL Request IP Multicast Filter Local Privil...
34752 ISC BIND so_linger Remote DoS
19810 Solaris BSM w/ SUNWscpu Package Removal audit_warn Mail Alert Failure
18809 Solaris XView Text Clipboard Arbitrary File Corruption
18650 Solaris printd Arbitrary File Deletion
17345 Solaris lpadmin Arbitrary File Overwrite
16574 NcFTP Server Response Traversal Arbitrary File Write
16440 Multiple Unix Vendor Hyper-Threading (HTT) Arbitrary Thread Process Informati...
16321 Solaris automountd Unspecified Local DoS
16167 Solaris NIS+ rpc.nisd Unspecified Remote DoS
16005 Solaris ndbm Multiple Function Local Overflow
16004 Solaris dbm Multiple Function Local Overflow
15147 Solaris sendmail .forward Local Privilege Escalation
15146 Solaris FTP Client Debug (-d) Flag Password Disclosure
15145 Solaris UDP RPC Malformed RPC Call Remote DoS
15143 Solaris in.ftpd Unspecified Remote DoS
15142 Solaris at -r Argument Race Condition Arbitrary File Deletion
15141 Solaris rpc.walld Local Message Spoofing
15140 Solaris fs.auto XFS Font Server Crafted XFS Query Remote Overflow
15136 Solaris rpcbind Unspecified Remote DoS

ExploitDB Exploits

id Description
21180 Solaris/SPARC 2.5.1/2.6/7/8 Derived 'login' Buffer Overflow Vulnerability
1182 Solaris 2.6/7/8/9 (ld.so.1) Local Root Exploit (sparc)
716 Solaris 2.5.1/2.6/7/8 rlogin /bin/login - Buffer Overflow Exploit (SPARC)

OpenVAS Exploits

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
Date Description
2009-06-03 Name : Solaris Update for /usr/lib/netsvc/rwall/rpc.rwalld 112846-01
File : nvt/gb_solaris_112846_01.nasl
2009-06-03 Name : Solaris Update for kcms_server and kcms_configure 111400-04
File : nvt/gb_solaris_111400_04.nasl
2009-06-03 Name : Solaris Update for klmmod and klmops 111321-05
File : nvt/gb_solaris_111321_05.nasl
2009-06-03 Name : Solaris Update for in.fingerd 111232-01
File : nvt/gb_solaris_111232_01.nasl
2009-06-03 Name : Solaris Update for /usr/bin/mailx 110957-02
File : nvt/gb_solaris_110957_02.nasl
2009-06-03 Name : Solaris Update for /usr/sbin/syslogd 110945-10
File : nvt/gb_solaris_110945_10.nasl
2009-06-03 Name : Solaris Update for sdtimage 109932-10
File : nvt/gb_solaris_109932_10.nasl
2009-06-03 Name : Solaris Update for CDE 1.4 109931-10
File : nvt/gb_solaris_109931_10.nasl
2009-06-03 Name : Solaris Update for /usr/lib/nfs/nfsd and /usr/lib/nfs/lockd 109783-03
File : nvt/gb_solaris_109783_03.nasl
2009-06-03 Name : Solaris Update for OpenWindows 3.6.2 111626-04
File : nvt/gb_solaris_111626_04.nasl
2009-06-03 Name : Solaris Update for Xview 111627-03
File : nvt/gb_solaris_111627_03.nasl
2009-06-03 Name : Solaris Update for /usr/lib/netsvc/rwall/rpc.rwalld 112875-01
File : nvt/gb_solaris_112875_01.nasl
2009-06-03 Name : Solaris Update for krb5 lib 112922-02
File : nvt/gb_solaris_112922_02.nasl
2009-06-03 Name : Solaris Update for /usr/sbin/syslogd 112998-05
File : nvt/gb_solaris_112998_05.nasl
2009-06-03 Name : Solaris Update for klmmod 113279-01
File : nvt/gb_solaris_113279_01.nasl
2009-06-03 Name : Solaris Update for uucp 113322-03
File : nvt/gb_solaris_113322_03.nasl
2009-06-03 Name : Solaris Update for /usr/lib/utmp_update 113650-02
File : nvt/gb_solaris_113650_02.nasl
2009-06-03 Name : Solaris Update for at utility 114135-03
File : nvt/gb_solaris_114135_03.nasl
2009-06-03 Name : Solaris Update for CDE 1.5 114219-11
File : nvt/gb_solaris_114219_11.nasl
2009-06-03 Name : Solaris Update for sdtimage 114220-11
File : nvt/gb_solaris_114220_11.nasl
2009-06-03 Name : Solaris Update for /usr/kernel/fs/namefs 114984-02
File : nvt/gb_solaris_114984_02.nasl
2009-06-03 Name : Solaris Update for Xview 119902-01
File : nvt/gb_solaris_119902_01.nasl
2009-05-05 Name : HP-UX Update for sendmail HPSBUX00246
File : nvt/gb_hp_ux_HPSBUX00246.nasl
2009-05-05 Name : HP-UX Update for dtterm HPSBUX00309
File : nvt/gb_hp_ux_HPSBUX00309.nasl
2008-10-24 Name : yppasswdd overflow
File : nvt/yppasswdd.nasl

Information Assurance Vulnerability Management (IAVM)

id Description
2014-A-0012 Multiple Vulnerabilities in Oracle & Sun Systems Product Suite
Severity: Category I - VMSKEY: V0043396

Snort® IPS/IDS

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
Date Description
2014-01-10 RCPT TO overflow
RuleID : 654-community - Type : SERVER-MAIL - Revision : 28
2014-01-10 RCPT TO overflow
RuleID : 654 - Type : SERVER-MAIL - Revision : 28
2014-01-10 portmap snmpXdmi request TCP
RuleID : 593-community - Type : PROTOCOL-RPC - Revision : 31
2014-01-10 portmap snmpXdmi request TCP
RuleID : 593 - Type : PROTOCOL-RPC - Revision : 31
2014-01-10 portmap ttdbserv request UDP
RuleID : 588-community - Type : PROTOCOL-RPC - Revision : 27
2014-01-10 portmap ttdbserv request UDP
RuleID : 588 - Type : PROTOCOL-RPC - Revision : 27
2014-01-10 snmpXdmi overflow attempt TCP
RuleID : 569-community - Type : PROTOCOL-RPC - Revision : 25
2014-01-10 snmpXdmi overflow attempt TCP
RuleID : 569 - Type : PROTOCOL-RPC - Revision : 25
2014-01-10 Oracle Solaris LPD overflow attempt
RuleID : 3527 - Type : OS-SOLARIS - Revision : 13
2014-01-10 login buffer non-evasive overflow attempt
RuleID : 3274-community - Type : PROTOCOL-TELNET - Revision : 14
2014-01-10 login buffer non-evasive overflow attempt
RuleID : 3274 - Type : PROTOCOL-TELNET - Revision : 14
2014-01-10 login buffer overflow attempt
RuleID : 3147-community - Type : PROTOCOL-TELNET - Revision : 15
2014-01-10 login buffer overflow attempt
RuleID : 3147 - Type : PROTOCOL-TELNET - Revision : 15
2014-01-10 Bind Buffer Overflow via NXT records named overflow ADMROCKS
RuleID : 260-community - Type : SERVER-OTHER - Revision : 19
2014-01-10 Bind Buffer Overflow via NXT records named overflow ADMROCKS
RuleID : 260 - Type : SERVER-OTHER - Revision : 19
2014-01-10 Bind Buffer Overflow via NXT records named overflow ADM
RuleID : 259-community - Type : SERVER-OTHER - Revision : 18
2014-01-10 Bind Buffer Overflow via NXT records named overflow ADM
RuleID : 259 - Type : SERVER-OTHER - Revision : 18
2014-01-10 Bind Buffer Overflow via NXT records
RuleID : 258-community - Type : SERVER-OTHER - Revision : 17
2014-01-10 Bind Buffer Overflow via NXT records
RuleID : 258 - Type : SERVER-OTHER - Revision : 17
2014-01-10 Sendmail RCPT TO prescan too long addresses overflow
RuleID : 2270-community - Type : SERVER-MAIL - Revision : 18
2014-01-10 Sendmail RCPT TO prescan too long addresses overflow
RuleID : 2270 - Type : SERVER-MAIL - Revision : 18
2014-01-10 Sendmail RCPT TO prescan too many addresses overflow
RuleID : 2269-community - Type : SERVER-MAIL - Revision : 15
2014-01-10 Sendmail RCPT TO prescan too many addresses overflow
RuleID : 2269 - Type : SERVER-MAIL - Revision : 15
2014-01-10 Sendmail MAIL FROM prescan too long addresses overflow
RuleID : 2268-community - Type : SERVER-MAIL - Revision : 16
2014-01-10 Sendmail MAIL FROM prescan too long addresses overflow
RuleID : 2268 - Type : SERVER-MAIL - Revision : 16

Nessus® Vulnerability Scanner

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
Date Description
2014-01-27 Name: The remote host is missing Sun Security Patch number 113911-02
File: solaris9_113911.nasl - Type: ACT_GATHER_INFO
2014-01-27 Name: The remote host is missing Sun Security Patch number 150863-01
File: solaris8_150863.nasl - Type: ACT_GATHER_INFO
2009-04-23 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_f04cc5cb2d0b11d8beaf000a95c4d922.nasl - Type: ACT_GATHER_INFO
2007-09-25 Name: The remote HP-UX host is missing a security-related patch.
File: hpux_PHNE_35483.nasl - Type: ACT_GATHER_INFO
2007-09-25 Name: The remote HP-UX host is missing a security-related patch.
File: hpux_PHNE_35484.nasl - Type: ACT_GATHER_INFO
2007-09-25 Name: The remote HP-UX host is missing a security-related patch.
File: hpux_PHNE_35485.nasl - Type: ACT_GATHER_INFO
2006-07-03 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2005-800.nasl - Type: ACT_GATHER_INFO
2006-07-03 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2005-476.nasl - Type: ACT_GATHER_INFO
2006-07-03 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2005-021.nasl - Type: ACT_GATHER_INFO
2006-01-15 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-131-1.nasl - Type: ACT_GATHER_INFO
2005-10-19 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2005-800.nasl - Type: ACT_GATHER_INFO
2005-08-18 Name: The remote host is missing Sun Security Patch number 119902-01
File: solaris9_x86_119902.nasl - Type: ACT_GATHER_INFO
2005-08-18 Name: The remote host is missing Sun Security Patch number 112811-02
File: solaris9_112811.nasl - Type: ACT_GATHER_INFO
2005-08-02 Name: The remote host is missing Sun Security Patch number 119903-02
File: solaris10_119903.nasl - Type: ACT_GATHER_INFO
2005-08-02 Name: The remote host is missing Sun Security Patch number 119904-02
File: solaris10_x86_119904.nasl - Type: ACT_GATHER_INFO
2005-07-01 Name: The remote Mandrake Linux host is missing one or more security updates.
File: mandrake_MDKSA-2005-110.nasl - Type: ACT_GATHER_INFO
2005-07-01 Name: The remote Mandrake Linux host is missing one or more security updates.
File: mandrake_MDKSA-2005-111.nasl - Type: ACT_GATHER_INFO
2005-06-08 Name: The remote Mandrake Linux host is missing one or more security updates.
File: mandrake_MDKSA-2005-096.nasl - Type: ACT_GATHER_INFO
2005-06-02 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2005-476.nasl - Type: ACT_GATHER_INFO
2005-05-03 Name: The remote host is missing a Mac OS X update that fixes a security issue.
File: macosx_SecUpd2005-005.nasl - Type: ACT_GATHER_INFO
2005-04-12 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2005-021.nasl - Type: ACT_GATHER_INFO
2005-02-16 Name: The remote HP-UX host is missing a security-related patch.
File: hpux_PHNE_30224.nasl - Type: ACT_GATHER_INFO
2005-02-16 Name: The remote HP-UX host is missing a security-related patch.
File: hpux_PHNE_29912.nasl - Type: ACT_GATHER_INFO
2005-02-16 Name: The remote HP-UX host is missing a security-related patch.
File: hpux_PHNE_29526.nasl - Type: ACT_GATHER_INFO
2005-02-16 Name: The remote HP-UX host is missing a security-related patch.
File: hpux_PHNE_28409.nasl - Type: ACT_GATHER_INFO