This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Detail
Vendor: Sun
Product: Solaris
Version: 8
Type: OS
Update: *
Edition: x86
Language: *
Software Edition: *
Target Software: *
Target Hardware: *
Other: *
First view: 2008-02-29
Last view: 2009-10-01

CPE Product: cpe:2.3:o:sun:solaris

Related : CVE

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
CVSS Date Alert Description
4.9 2009-10-01 CVE-2009-3519

Multiple memory leaks in the IP module in the kernel in Sun Solaris 8 through 10, and OpenSolaris before snv_109, allow local users to cause a denial of service (memory consumption) via vectors related to (1) M_DATA, (2) M_PROTO, (3) M_PCPROTO, and (4) M_SIG STREAMS messages.

7.2 2009-09-14 CVE-2009-3183

Heap-based buffer overflow in w in Sun Solaris 8 through 10, and OpenSolaris before snv_124, allows local users to gain privileges via unspecified vectors.

7.8 2009-08-27 CVE-2009-2972

in.lpd in the print service in Sun Solaris 8 and 9 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors that trigger a "fork()/exec() bomb."

4.9 2009-08-21 CVE-2009-2912

The (1) sendfile and (2) sendfilev functions in Sun Solaris 8 through 10, and OpenSolaris before snv_110, allow local users to cause a denial of service (panic) via vectors related to vnode function calls.

4.9 2009-08-19 CVE-2009-2857

The kernel in Sun Solaris 8, 9, and 10, and OpenSolaris before snv_103, does not properly handle interaction between the filesystem and virtual-memory implementations, which allows local users to cause a denial of service (deadlock and system halt) via vectors involving mmap and write operations on the same file.

4.6 2009-07-10 CVE-2009-2430

Unspecified vulnerability in auditconfig in Sun Solaris 8, 9, 10, and OpenSolaris snv_01 through snv_58, when Solaris Auditing is enabled, allows local users with an RBAC execution profile for auditconfig to gain privileges via unknown attack vectors.

4.7 2009-06-05 CVE-2009-1933

Kerberos in Sun Solaris 8, 9, and 10, and OpenSolaris before snv_117, does not properly manage credential caches, which allows local users to access Kerberized NFS mount points and Kerberized NFS shares via unspecified vectors.

2.1 2009-04-09 CVE-2009-1276

XScreenSaver in Sun Solaris 10 and OpenSolaris before snv_109, and Solaris 8 and 9 with GNOME 2.0 or 2.0.2, allows physically proximate attackers to obtain sensitive information by reading popup windows, which are displayed even when the screen is locked, as demonstrated by Thunderbird new-mail notifications.

4.4 2009-04-01 CVE-2009-1207

Race condition in the dircmp script in Sun Solaris 8 through 10, and OpenSolaris snv_01 through snv_111, allows local users to overwrite arbitrary files, probably involving a symlink attack on temporary files.

6.9 2009-03-12 CVE-2009-0875

Race condition in the Doors subsystem in the kernel in Sun Solaris 8 through 10, and OpenSolaris before snv_94, allows local users to cause a denial of service (process hang), or possibly bypass file permissions or gain kernel-context privileges, via vectors involving the time at which control is transferred from a caller to a door server.

4.9 2009-03-12 CVE-2009-0874

Multiple unspecified vulnerabilities in the Doors subsystem in the kernel in Sun Solaris 8 through 10, and OpenSolaris before snv_94, allow local users to cause a denial of service (process hang), or possibly bypass file permissions or gain kernel-context privileges, via vectors including ones related to (1) an argument handling deadlock in a door server and (2) watchpoint problems in the door_call function.

4.9 2009-02-09 CVE-2009-0480

The IP implementation in Sun Solaris 8 through 10, and OpenSolaris before snv_82, uses an improper arena when allocating minor numbers for sockets, which allows local users to cause a denial of service (32-bit application failure and login outage) by opening a large number of sockets.

6.9 2009-01-28 CVE-2009-0319

Unspecified vulnerability in the autofs module in the kernel in Sun Solaris 8 through 10, and OpenSolaris before snv_108, allows local users to cause a denial of service (autofs mount outage) or possibly gain privileges via vectors related to "xdr processing problems."

4.9 2009-01-26 CVE-2009-0268

Race condition in the pseudo-terminal (aka pty) driver module in Sun Solaris 8 through 10, and OpenSolaris before snv_103, allows local users to cause a denial of service (panic) via unspecified vectors related to lack of "properly sequenced code" in ptc and ptsl.

4.9 2009-01-15 CVE-2009-0132

Integer overflow in the aio_suspend function in Sun Solaris 8 through 10 and OpenSolaris, when 32-bit mode is enabled, allows local users to cause a denial of service (panic) via a large integer value in the second argument (aka nent argument).

2.1 2008-12-19 CVE-2008-5690

The Kerberos credential renewal feature in Sun Solaris 8, 9, and 10, and OpenSolaris build snv_01 through snv_104, allows local users to cause a denial of service (authentication failure) via unspecified vectors related to incorrect cache file permissions, and lack of credential storage by the store_cred function in pam_krb5.

5 2008-12-19 CVE-2008-5684

Unspecified vulnerability in the X Inter Client Exchange library (aka libICE) in Sun Solaris 8 through 10 and OpenSolaris before snv_85 allows context-dependent attackers to cause a denial of service (application crash), as demonstrated by a port scan that triggers a segmentation violation in the Gnome session manager (aka gnome-session).

10 2008-11-10 CVE-2008-5010

in.dhcpd in the DHCP implementation in Sun Solaris 8 through 10, and OpenSolaris before snv_103, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via unknown DHCP requests related to the "number of offers," aka Bug ID 6713805.

10 2008-10-14 CVE-2008-4556

Stack-based buffer overflow in the adm_build_path function in sadmind in Sun Solstice AdminSuite on Solaris 8 and 9 allows remote attackers to execute arbitrary code via a crafted request.

4.7 2008-09-22 CVE-2008-4160

Unspecified vulnerability in the UFS module in Sun Solaris 8 through 10 and OpenSolaris allows local users to cause a denial of service (NULL pointer dereference and kernel panic) via unknown vectors related to the Solaris Access Control List (ACL) implementation.

7.2 2008-09-19 CVE-2008-4131

Multiple unspecified vulnerabilities in Sun Solaris 8 through 10 allow local users to gain privileges via vectors related to handling of tags with (1) the -t option and (2) the :tag command in the (a) vi, (b) ex, (c) vedit, (d) view, and (e) edit programs.

7.2 2008-09-02 CVE-2008-3875

The kernel in Sun Solaris 8 through 10 and OpenSolaris before snv_90 allows local users to bypass chroot, zones, and the Solaris Trusted Extensions multi-level security policy, and establish a covert communication channel, via unspecified vectors involving system calls.

9.3 2008-08-08 CVE-2008-0965

Multiple format string vulnerabilities in snoop on Sun Solaris 8 through 10 and OpenSolaris before snv_96, when the -o option is omitted, allow remote attackers to execute arbitrary code via format string specifiers in an SMB packet.

9.3 2008-08-08 CVE-2008-0964

Multiple stack-based buffer overflows in snoop on Sun Solaris 8 through 10 and OpenSolaris before snv_96, when the -o option is omitted, allow remote attackers to execute arbitrary code via a crafted SMB packet.

2.1 2008-07-31 CVE-2008-3426

Unspecified vulnerability in the Solaris Platform Information and Control Library daemon (picld) in Sun Solaris 8 through 10, and OpenSolaris builds snv_01 through snv_95, allows local users to cause a denial of service via unknown vectors that prevent operation of utilities such as prtdiag, prtpicl, and prtfru.

CWE : Common Weakness Enumeration

% id Name
30% (8) CWE-399 Resource Management Errors
15% (4) CWE-362 Race Condition
11% (3) CWE-264 Permissions, Privileges, and Access Controls
11% (3) CWE-189 Numeric Errors
11% (3) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
7% (2) CWE-255 Credentials Management
3% (1) CWE-200 Information Exposure
3% (1) CWE-134 Uncontrolled Format String
3% (1) CWE-78 Improper Sanitization of Special Elements used in an OS Command ('O...

Open Source Vulnerability Database (OSVDB)

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
id Description
58449 Solaris Kernel IP Module Unspecified Local DoS
58110 Solaris w(1) Utility Local Overflow
57372 Solaris Print Service (in.lpd(1M)) Unspecified Remote DoS
57169 Solaris sendfile / sendfilev Extended Library Functions Unspecified DoS
57151 Solaris Kernel Filesystem / Virtual Memory Subsystem Interaction Unspecified ...
55330 Solaris auditconfig RBAC Execution Profile Local Privilege Escalation
54979 Kerberos on Solaris Local NFS Mount/Share Credential Cache Management Unspeci...
53628 Solaris XScreenSaver PopUp Window Information Disclosure
53139 Solaris dircmp Race Condition Arbitrary File Overwrite
52563 Solaris Kernel Doors Subsystem Unspecified Local Privilege Escalation
52561 Solaris Kernel Doors Subsystem Multiple Unspecified Local DoS
52556 Solaris IP Implementation Socket Minor Number Allocation Local DoS
52554 Solaris autofs Kernel Module Unspecified Local Privilege Escalation
52541 Solaris Pseudo-terminal (aka pty) Driver Module Unspecified Local DoS
52532 Solaris X Inter Client Exchange library (aka libICE) Port Scan DoS
51278 Solaris aio_suspend Function Local Overflow DoS
50926 Solaris Kerberos Credential Renewal Feature Unspecified Cache File Handling L...
49111 Sun Solstice AdminSuite on Solaris sadmind adm_build_path Function Remote Ove...
48774 Avaya CMS Solaris ACL for UFS File Systems NULL Dereference Local DoS
48233 Solaris acl(2) for UFS File Systems Unspecified Local DoS
48197 Solaris Multiple Editors ctags Tag File Handling Local Privilege Escalation
47857 Solaris Kernel Covert Channel Security Restriction Bypass
47422 Solaris snoop(1M) SMB Traffic Monitoring Multiple Unspecified Remote Format S...
47421 Solaris snoop(1M) SMB Traffic Monitoring Multiple Unspecified Remote Overflows
47255 Solaris picld(1M) Unspecified Local DoS

OpenVAS Exploits

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2009-10-13 Name : Solaris Update for w and whodo 142286-01
File : nvt/gb_solaris_142286_01.nasl
2009-10-13 Name : Solaris Update for w and whodo 142285-01
File : nvt/gb_solaris_142285_01.nasl
2009-10-13 Name : Solaris Update for c2audit and auditconfig 140922-02
File : nvt/gb_solaris_140922_02.nasl
2009-10-13 Name : Solaris Update for c2audit and auditconfig 140921-02
File : nvt/gb_solaris_140921_02.nasl
2009-09-23 Name : Solaris Update for c2audit and auditconfig 140922-01
File : nvt/gb_solaris_140922_01.nasl
2009-09-23 Name : Solaris Update for c2audit and auditconfig 140921-01
File : nvt/gb_solaris_140921_01.nasl
2009-06-03 Name : Solaris Update for kernel/sys/kaio 138577-01
File : nvt/gb_solaris_138577_01.nasl
2009-06-03 Name : Solaris Update for usr/bin/dircmp 140838-01
File : nvt/gb_solaris_140838_01.nasl
2009-06-03 Name : Solaris Update for usr/bin/dircmp 140837-01
File : nvt/gb_solaris_140837_01.nasl
2009-06-03 Name : Solaris Update for ptsl 140427-01
File : nvt/gb_solaris_140427_01.nasl
2009-06-03 Name : Solaris Update for ptsl 140426-01
File : nvt/gb_solaris_140426_01.nasl
2009-06-03 Name : Solaris Update for usr/bin/dircmp 138897-01
File : nvt/gb_solaris_138897_01.nasl
2009-06-03 Name : Solaris Update for usr/bin/dircmp 138896-01
File : nvt/gb_solaris_138896_01.nasl
2009-06-03 Name : Solaris Update for kernel/sys/kaio 138578-01
File : nvt/gb_solaris_138578_01.nasl
2009-06-03 Name : Solaris Update for edit, ex, vedit, vi and view 110904-08
File : nvt/gb_solaris_110904_08.nasl
2009-06-03 Name : Solaris Update for picld 137401-01
File : nvt/gb_solaris_137401_01.nasl
2009-06-03 Name : Solaris Update for picld 137400-01
File : nvt/gb_solaris_137400_01.nasl
2009-06-03 Name : Solaris Update for vi and ex 120831-06
File : nvt/gb_solaris_120831_06.nasl
2009-06-03 Name : Solaris Update for vi and ex 120830-06
File : nvt/gb_solaris_120830_06.nasl
2009-06-03 Name : Solaris Update for edit, ex, vedit, vi and view 116479-02
File : nvt/gb_solaris_116479_02.nasl
2009-06-03 Name : Solaris Update for autofs 116053-03
File : nvt/gb_solaris_116053_03.nasl
2009-06-03 Name : Solaris Update for snoop 114262-05
File : nvt/gb_solaris_114262_05.nasl
2009-06-03 Name : Solaris Update for utmp_update 113996-02
File : nvt/gb_solaris_113996_02.nasl
2009-06-03 Name : Solaris Update for usr/lib/utmp_update 113718-02
File : nvt/gb_solaris_113718_02.nasl
2009-06-03 Name : Solaris Update for logindmux/llc1/ptsl/bufmod/ptem 113686-06
File : nvt/gb_solaris_113686_06.nasl

Information Assurance Vulnerability Management (IAVM)

id Description
2009-T-0048 Sun Solaris Print Service Vulnerability
Severity: Category I - VMSKEY: V0019905
2009-T-0028 Multiple Buffer Overflow Vulnerabilities in Sun Solaris
Severity: Category II - VMSKEY: V0019230
2009-T-0001 Sun Solaris X Inter Client Exchange Library (libICE) Denial of Service Vulner...
Severity: Category I - VMSKEY: V0017981
2008-T-0043 Multiple Sun Solaris snoop Vulnerabilities
Severity: Category II - VMSKEY: V0017141
2008-T-0029 Sun Solaris Unspecified Remote Denial of Service Vulnerability
Severity: Category II - VMSKEY: V0016060
2008-T-0014 Sun Solaris Self Encapsulated IP Packets Remote Denial of Service Vulnerability
Severity: Category II - VMSKEY: V0015979

Snort® IPS/IDS

Date Description
2014-01-10 portmap Solaris sadmin udp adm_build_path overflow attempt
RuleID : 16449 - Type : PROTOCOL-RPC - Revision : 4
2014-01-10 portmap Solaris sadmin tcp adm_build_path overflow attempt
RuleID : 16448 - Type : PROTOCOL-RPC - Revision : 5
2014-01-10 Solaris UDP portmap sadmin request attempt
RuleID : 16447 - Type : PROTOCOL-RPC - Revision : 9
2014-01-10 portmap Solaris sadmin tcp request
RuleID : 16446 - Type : PROTOCOL-RPC - Revision : 6

Nessus® Vulnerability Scanner

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2015-04-02 Name: The remote host is missing Sun security patch number 119060-45.
File: solaris10_x86_119060_45.nasl - Type: ACT_GATHER_INFO
2015-04-02 Name: The remote host is missing Sun security patch number 119059-46.
File: solaris10_119059_46.nasl - Type: ACT_GATHER_INFO
2009-04-23 Name: The remote host is missing Sun Security Patch number 140837-01
File: solaris8_140837.nasl - Type: ACT_GATHER_INFO
2009-04-23 Name: The remote host is missing Sun Security Patch number 140838-01
File: solaris8_x86_140838.nasl - Type: ACT_GATHER_INFO
2009-04-23 Name: The remote host is missing Sun Security Patch number 138896-01
File: solaris9_138896.nasl - Type: ACT_GATHER_INFO
2009-04-23 Name: The remote host is missing Sun Security Patch number 138897-01
File: solaris9_x86_138897.nasl - Type: ACT_GATHER_INFO
2009-02-02 Name: The remote host is missing Sun Security Patch number 140426-01
File: solaris9_140426.nasl - Type: ACT_GATHER_INFO
2009-02-02 Name: The remote host is missing Sun Security Patch number 140427-01
File: solaris9_x86_140427.nasl - Type: ACT_GATHER_INFO
2009-01-19 Name: The remote host is missing Sun Security Patch number 138578-01
File: solaris9_x86_138578.nasl - Type: ACT_GATHER_INFO
2009-01-19 Name: The remote host is missing Sun Security Patch number 138577-01
File: solaris9_138577.nasl - Type: ACT_GATHER_INFO
2008-09-17 Name: The remote host is missing Sun Security Patch number 116479-02
File: solaris9_x86_116479.nasl - Type: ACT_GATHER_INFO
2008-09-17 Name: The remote host is missing Sun Security Patch number 113031-04
File: solaris9_113031.nasl - Type: ACT_GATHER_INFO
2008-08-17 Name: The remote host is missing Sun Security Patch number 108964-11
File: solaris8_108964.nasl - Type: ACT_GATHER_INFO
2008-08-17 Name: The remote host is missing Sun Security Patch number 114262-05
File: solaris9_x86_114262.nasl - Type: ACT_GATHER_INFO
2008-08-17 Name: The remote host is missing Sun Security Patch number 112915-06
File: solaris9_112915.nasl - Type: ACT_GATHER_INFO
2008-08-17 Name: The remote host is missing Sun Security Patch number 108965-11
File: solaris8_x86_108965.nasl - Type: ACT_GATHER_INFO
2008-07-08 Name: The remote host is missing Sun Security Patch number 137403-02
File: solaris9_x86_137403.nasl - Type: ACT_GATHER_INFO
2008-07-08 Name: The remote host is missing Sun Security Patch number 137402-02
File: solaris9_137402.nasl - Type: ACT_GATHER_INFO
2008-05-17 Name: The remote host is missing Sun Security Patch number 120831-06
File: solaris10_x86_120831.nasl - Type: ACT_GATHER_INFO
2008-05-17 Name: The remote host is missing Sun Security Patch number 120830-06
File: solaris10_120830.nasl - Type: ACT_GATHER_INFO
2008-01-04 Name: The remote host is missing Sun Security Patch number 128625-11
File: solaris8_x86_128625.nasl - Type: ACT_GATHER_INFO
2008-01-02 Name: The remote host is missing Sun Security Patch number 128624-11
File: solaris8_128624.nasl - Type: ACT_GATHER_INFO
2007-11-10 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-531-2.nasl - Type: ACT_GATHER_INFO
2007-11-10 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-531-1.nasl - Type: ACT_GATHER_INFO
2007-10-19 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-1388.nasl - Type: ACT_GATHER_INFO