Summary
Detail | | | |
---|---|---|---|
Vendor | Sun | First view | 2001-08-14 |
Product | Solaris | Last view | 2009-08-07 |
Version | 8.0 | Type | Os |
Update | * | | |
Edition | sparc | | |
Language | * | | |
Software Edition | * | | |
Target Software | * | | |
Target Hardware | * | | |
Other | * | | |
CPE Product | cpe:2.3:o:sun:solaris | | |
Related : CVE
Score | Date | Alert | Description |
---|---|---|---|
4.9 | 2009-08-07 | CVE-2009-2711 | XScreenSaver in Sun Solaris 9 and 10, OpenSolaris before snv_120, and X11 6.4.1 for Solaris 8, when the Xorg or Xnewt server is used, allows physically proximate attackers to obtain sensitive information by reading popup windows, which are displayed even when the screen is locked, a different vulnerability than CVE-2009-1276. |
10 | 2009-05-26 | CVE-2008-3870 | Integer overflow in sadmind in Sun Solaris 8 and 9 allows remote attackers to execute arbitrary code via a crafted RPC request that triggers a heap-based buffer overflow, related to improper memory allocation. |
10 | 2009-05-26 | CVE-2008-3869 | Heap-based buffer overflow in sadmind in Sun Solaris 8 and 9 allows remote attackers to execute arbitrary code via a crafted RPC request, related to improper decoding of request parameters. |
7.2 | 2008-06-16 | CVE-2008-2710 | Integer signedness error in the ip_set_srcfilter function in the IP Multicast Filter in uts/common/inet/ip/ip_multi.c in the kernel in Sun Solaris 10 and OpenSolaris before snv_92 allows local users to execute arbitrary code in other Solaris Zones via an SIOCSIPMSFILTER IOCTL request with a large value of the imsf->imsf_numsrc field, which triggers an out-of-bounds write of kernel memory. NOTE: this was reported as an integer overflow, but the root cause involves the bypass of a signed comparison. |
7.6 | 2007-11-29 | CVE-2007-6180 | Race condition in the Remote Procedure Call kernel module (rpcmod) in Sun Solaris 8 through 10 allows local users to cause a denial of service (NULL dereference and panic) via unspecified vectors. |
4.9 | 2007-10-23 | CVE-2007-5632 | Multiple unspecified vulnerabilities in the kernel in Sun Solaris 8 through 10 allow local users to cause a denial of service (panic), related to the support for retrieval of kernel statistics, and possibly related to the sfmmu_mlspl_enter or sfmmu_mlist_enter functions. |
7.8 | 2007-10-15 | CVE-2007-5462 | Unspecified vulnerability in the Sun Solaris RPC services library (librpcsvc) on Solaris 8 through 10 allows remote attackers to cause a denial of service (mountd crash) via unspecified packets to a server that exports many filesystems, and allows local users to cause a denial of service (automountd crash) via unspecified requests to mount filesystems from a server that exports many filesystems. |
7.2 | 2007-10-11 | CVE-2007-5365 | Stack-based buffer overflow in the cons_options function in options.c in dhcpd in OpenBSD 4.0 through 4.2, and some other dhcpd implementations based on ISC dhcp-2, allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a DHCP request specifying a maximum message size smaller than the minimum IP MTU. |
4.9 | 2007-09-27 | CVE-2007-5132 | Race condition in the kernel in Sun Solaris 8 through 10 allows local users to cause a denial of service (panic) via unspecified vectors related to "the handling of thread contexts." |
4.7 | 2007-09-27 | CVE-2007-5118 | Unspecified vulnerability in the HID (Human Interface Device) class driver in Sun Solaris 8, 9, and 10 before 20070925 allows local users to cause a denial of service (panic) via unspecified vectors. |
4.9 | 2007-09-06 | CVE-2007-4732 | Unspecified vulnerability in the strfreectty function in the Special File System (SPECFS) in Sun Solaris 8 through 10 allows local users to cause a denial of service (system panic), related to passing a NULL pointer to the pgsignal function. |
4.9 | 2007-07-30 | CVE-2007-4070 | Unspecified vulnerability in Low Bandwidth X proxy (lbxproxy) on Sun Solaris 8 through 10 before 20070725 allows local users to read arbitrary files with root group ownership via unknown vectors. |
7.2 | 2007-06-28 | CVE-2007-3471 | Buffer overflow in the dtsession Common Desktop Environment (CDE) Session Manager in Sun Solaris 8, 9, and 10 allows local users to execute arbitrary code via unspecified vectors. |
4.9 | 2007-06-27 | CVE-2007-3458 | The libsldap library in Sun Solaris 8, 9, and 10 allows local users to cause a denial of service (Name Service Caching Daemon (nscd) crash) via unspecified vectors. |
6.8 | 2007-06-19 | CVE-2007-3283 | GNOME XScreenSaver in Sun Solaris 8 and 9 before 20070417, when root is logged into the console, does not automatically lock the screen after a session has been inactive, which might allow physically proximate attackers to access the console. |
2.6 | 2006-10-10 | CVE-2006-5215 | The Xsession script, as used by X Display Manager (xdm) in NetBSD before 20060212, X.Org before 20060317, and Solaris 8 through 10 before 20061006, allows local users to overwrite arbitrary files, or read another user's Xsession errors file, via a symlink attack on a /tmp/xses-$USER file. |
6.6 | 2006-09-26 | CVE-2006-5012 | Unspecified vulnerability in Sun Solaris 8, 9, and 10 before 20060925 allows local users to cause a denial of service (disable syslog) and prevent security messages from being logged via unspecified vectors. |
4.6 | 2006-09-08 | CVE-2006-4655 | Buffer overflow in the Strcmp function in the XKEYBOARD extension in X Window System X11R6.4 and earlier, as used in SCO UnixWare 7.1.3 and Sun Solaris 8 through 10, allows local users to gain privileges via a long _XKB_CHARSET environment variable value. |
7.2 | 2006-08-23 | CVE-2006-4319 | Buffer overflow in the format command in Solaris 8, 9, and 10 allows local users with access to format (such as the "File System Management" RBAC profile) to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2006-4307. |
5 | 2006-07-18 | CVE-2006-3664 | Unspecified vulnerability in NIS server on Sun Solaris 8, 9, and 10 allows local and remote attackers to cause a denial of service (ypserv hang) via unknown vectors. |
10 | 2002-05-29 | CVE-2002-0033 | Heap-based buffer overflow in cfsd_calloc function of Solaris cachefsd allows remote attackers to execute arbitrary code via a request with a long directory and cache name. |
7.2 | 2002-04-02 | CVE-2002-0158 | Buffer overflow in Xsun on Solaris 2.6 through 8 allows local users to gain root privileges via a long -co (color database) command line argument. |
7.2 | 2002-03-15 | CVE-2002-0089 | Buffer overflow in admintool in Solaris 2.5 through 8 allows local users to gain root privileges via long arguments to (1) the -d command line option, or (2) the PRODVERS argument in the .cdtoc file. |
7.2 | 2002-03-15 | CVE-2002-0088 | Buffer overflow in admintool in Solaris 2.6, 7, and 8 allows local users to gain root privileges via a long media installation path. |
5 | 2002-03-15 | CVE-2002-0085 | cachefsd in Solaris 2.6, 7, and 8 allows remote attackers to cause a denial of service (crash) via an invalid procedure call in an RPC request. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
22% (2) | CWE-362 | Race Condition |
22% (2) | CWE-189 | Numeric Errors |
22% (2) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
22% (2) | CWE-20 | Improper Input Validation |
11% (1) | CWE-200 | Information Exposure |
CAPEC : Common Attack Pattern Enumeration & Classification
id | Name |
---|---|
CAPEC-26 | Leveraging Race Conditions |
CAPEC-29 | Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions |
SAINT Exploits
Description | Link |
---|---|
cachefsd heap overflow | More info here |
Open Source Vulnerability Database (OSVDB)
id | Description |
---|---|
56854 | Solaris XScreenSaver (xscreensaver(1)) PopUp Window Information Disclosure |
54668 | Solaris sadmind Crafted RPC Request Remote Overflow |
54663 | Solaris sadmind RPC Request Parameter Decoding Remote Overflow |
46193 | Solaris Kernel SIOCSIPMSFILTER IOCTL Request IP Multicast Filter Local Privil... |
41687 | Multiple Vendor dhcpd options.c cons_options Function DHCP Request Remote Ove... |
40821 | Solaris Remote Procedure Call kernel Module (rpcmod) Unspecified Local Race C... |
40814 | Solaris RPC Services Library (librpcsvc(3LIB)) Unspecified Packet Handling Re... |
38483 | Solaris Kernel Statistics Retrieval Unspecified Local DoS |
37712 | Solaris Kernel Thread Context Handling Local DoS |
37334 | Solaris Human Interface Device (HID) Unspecified Local DoS |
37323 | Solaris Special File System (SPECFS) strfreectty Function Local DoS |
36612 | Solaris Low Bandwidth X Proxy (lbxproxy) Local Privileged File Access |
36608 | Solaris Common Desktop Environment (CDE) Session Manager dtsession Local Over... |
36594 | Solaris libsldap Unspecified Local nscd DoS |
36586 | Solaris GNOME Session xscreensaver Local Session Hijacking |
29579 | Multiple Vendor X Display Manager Xsession Script Symlink Arbitrary File Over... |
29555 | Solaris RBAC format Command Local Overflow |
29153 | Solaris syslog Local DoS |
28622 | X.Org X11 libX11 XKEYBOARD Extension Local Overflow |
27320 | Solaris ypserv Unspecified Remote DoS |
17477 | Solaris cachefsd fscache_setup Function Remote Overflow |
8704 | SCO Xsco -co Argument Local Overflow |
8703 | Solaris Xsun -co Argument Local Overflow |
8702 | Solaris admintool Multiple Argument Local Overflows |
8700 | Solaris admintool Media Installation Path Privilege Escalation |
ExploitDB Exploits
id | Description |
---|---|
4601 | Ubuntu 6.06 DHCPd bug Remote Denial of Service Exploit |
2360 | X11R6 <= 6.4 XKEYBOARD - Local Buffer Overflow Exploit (solaris/sparc) |
OpenVAS Exploits
Date | Description |
---|---|
2009-10-13 | Name : Solaris Update for in.dhcpd libresolv and BIND9 112837-20 File : nvt/gb_solaris_112837_20.nasl |
2009-10-13 | Name : Solaris Update for sadmind 116453-03 File : nvt/gb_solaris_116453_03.nasl |
2009-10-13 | Name : Solaris Update for in.dhcpd libresolv and BIND9 114265-19 File : nvt/gb_solaris_114265_19.nasl |
2009-09-23 | Name : Solaris Update for sadmind 116455-02 File : nvt/gb_solaris_116455_02.nasl |
2009-09-23 | Name : Solaris Update for sadmind 116454-03 File : nvt/gb_solaris_116454_03.nasl |
2009-09-23 | Name : Solaris Update for sadmind 116442-02 File : nvt/gb_solaris_116442_02.nasl |
2009-06-03 | Name : Solaris Update for dhcp server and admin 109077-21 File : nvt/gb_solaris_109077_21.nasl |
2009-06-03 | Name : Solaris Update for usr/lib/inet/in.dhcpd 138877-01 File : nvt/gb_solaris_138877_01.nasl |
2009-06-03 | Name : Solaris Update for usr/lib/inet/in.dhcpd 138876-01 File : nvt/gb_solaris_138876_01.nasl |
2009-06-03 | Name : Solaris Update for librpcsvc 127549-01 File : nvt/gb_solaris_127549_01.nasl |
2009-06-03 | Name : Solaris Update for librpcsvc 127548-01 File : nvt/gb_solaris_127548_01.nasl |
2009-06-03 | Name : Solaris Update for librpcsvc 123397-01 File : nvt/gb_solaris_123397_01.nasl |
2009-06-03 | Name : Solaris Update for librpcsvc 123396-01 File : nvt/gb_solaris_123396_01.nasl |
2009-06-03 | Name : Solaris Update for format 114423-07 File : nvt/gb_solaris_114423_07.nasl |
2009-06-03 | Name : Solaris Update for in.dhcpd libresolv and BIND9 114265-17 File : nvt/gb_solaris_114265_17.nasl |
2009-06-03 | Name : Solaris Update for cachefsd 114009-01 File : nvt/gb_solaris_114009_01.nasl |
2009-06-03 | Name : Solaris Update for cachefsd 114008-01 File : nvt/gb_solaris_114008_01.nasl |
2009-06-03 | Name : Solaris Update for dtsession 113241-13 File : nvt/gb_solaris_113241_13.nasl |
2009-06-03 | Name : Solaris Update for CDE 1.5 113240-13 File : nvt/gb_solaris_113240_13.nasl |
2009-06-03 | Name : Solaris Update for /usr/sbin/format 113072-08 File : nvt/gb_solaris_113072_08.nasl |
2009-06-03 | Name : Solaris Update for in.dhcpd libresolv and BIND9 112837-18 File : nvt/gb_solaris_112837_18.nasl |
2009-06-03 | Name : Solaris Update for /usr/bin/mailx 110957-02 File : nvt/gb_solaris_110957_02.nasl |
2009-06-03 | Name : Solaris Update for cachefs/mount 110897-03 File : nvt/gb_solaris_110897_03.nasl |
2009-06-03 | Name : Solaris Update for cachefs/mount 110896-03 File : nvt/gb_solaris_110896_03.nasl |
2009-06-03 | Name : Solaris Update for admintool 110453-04 File : nvt/gb_solaris_110453_04.nasl |
Information Assurance Vulnerability Management (IAVM)
id | Description |
---|---|
2009-T-0028 | Multiple Buffer Overflow Vulnerabilities in Sun Solaris Severity: Category II - VMSKEY: V0019230 |
Snort® IPS/IDS
Date | Description |
---|---|
2017-08-29 | Sun Solaris dhcpd malformed bootp denial of service attempt RuleID : 43752 - Type : SERVER-OTHER - Revision : 2 |
2014-01-10 | cachefsd buffer overflow attempt RuleID : 1751-community - Type : SERVER-OTHER - Revision : 12 |
2014-01-10 | cachefsd buffer overflow attempt RuleID : 1751 - Type : SERVER-OTHER - Revision : 12 |
2014-01-10 | portmap cachefsd request TCP RuleID : 1747-community - Type : PROTOCOL-RPC - Revision : 18 |
2014-01-10 | portmap cachefsd request TCP RuleID : 1747 - Type : PROTOCOL-RPC - Revision : 18 |
2014-01-10 | portmap cachefsd request UDP RuleID : 1746-community - Type : PROTOCOL-RPC - Revision : 20 |
2014-01-10 | portmap cachefsd request UDP RuleID : 1746 - Type : PROTOCOL-RPC - Revision : 20 |
2014-01-10 | Oracle Solaris sadmind TCP data length integer overflow attempt RuleID : 16797 - Type : PROTOCOL-RPC - Revision : 10 |
2014-01-10 | Oracle Solaris sadmind UDP data length integer overflow attempt RuleID : 16796 - Type : PROTOCOL-RPC - Revision : 10 |
2014-01-10 | Oracle Solaris sadmind TCP array size buffer overflow attempt RuleID : 16706 - Type : PROTOCOL-RPC - Revision : 8 |
2014-01-10 | Oracle Solaris sadmind UDP array size buffer overflow attempt RuleID : 16705 - Type : PROTOCOL-RPC - Revision : 8 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2015-04-02 | Name: The remote host is missing Sun security patch number 119060-45. File: solaris10_x86_119060_45.nasl - Type: ACT_GATHER_INFO |
2015-04-02 | Name: The remote host is missing Sun security patch number 119059-46. File: solaris10_119059_46.nasl - Type: ACT_GATHER_INFO |
2007-11-10 | Name: The remote Ubuntu host is missing one or more security-related patches. File: ubuntu_USN-531-2.nasl - Type: ACT_GATHER_INFO |
2007-11-10 | Name: The remote Ubuntu host is missing one or more security-related patches. File: ubuntu_USN-531-1.nasl - Type: ACT_GATHER_INFO |
2007-10-25 | Name: The remote Red Hat host is missing a security update. File: redhat-RHSA-2007-0970.nasl - Type: ACT_GATHER_INFO |
2007-10-19 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-1388.nasl - Type: ACT_GATHER_INFO |
2007-10-17 | Name: The remote host is missing Sun Security Patch number 127549-01 File: solaris8_x86_127549.nasl - Type: ACT_GATHER_INFO |
2007-10-17 | Name: The remote host is missing Sun Security Patch number 123397-01 File: solaris9_x86_123397.nasl - Type: ACT_GATHER_INFO |
2007-10-17 | Name: The remote host is missing Sun Security Patch number 127548-01 File: solaris8_127548.nasl - Type: ACT_GATHER_INFO |
2007-10-17 | Name: The remote host is missing Sun Security Patch number 123396-01 File: solaris9_123396.nasl - Type: ACT_GATHER_INFO |
2007-10-12 | Name: The remote host is missing Sun Security Patch number 115554-26 File: solaris9_x86_115554.nasl - Type: ACT_GATHER_INFO |
2007-07-02 | Name: The remote host is missing Sun Security Patch number 125279-05 File: solaris10_125279.nasl - Type: ACT_GATHER_INFO |
2007-07-02 | Name: The remote host is missing Sun Security Patch number 125280-05 File: solaris10_x86_125280.nasl - Type: ACT_GATHER_INFO |
2007-04-19 | Name: The remote host is missing Sun Security Patch number 115299-01 File: solaris8_x86_115299.nasl - Type: ACT_GATHER_INFO |
2007-04-19 | Name: The remote host is missing Sun Security Patch number 115298-01 File: solaris8_115298.nasl - Type: ACT_GATHER_INFO |
2007-03-18 | Name: The remote host is missing Sun Security Patch number 122300-61 File: solaris9_122300.nasl - Type: ACT_GATHER_INFO |
2007-03-18 | Name: The remote host is missing Sun Security Patch number 122301-61 File: solaris9_x86_122301.nasl - Type: ACT_GATHER_INFO |
2007-02-18 | Name: The remote host is missing Sun Security Patch number 120094-36 File: solaris10_120094.nasl - Type: ACT_GATHER_INFO |
2007-02-18 | Name: The remote host is missing Sun Security Patch number 120095-36 File: solaris10_x86_120095.nasl - Type: ACT_GATHER_INFO |
2007-02-18 | Name: The remote host is missing Sun Security Patch number 124831-01 File: solaris9_x86_124831.nasl - Type: ACT_GATHER_INFO |
2007-02-18 | Name: The remote host is missing Sun Security Patch number 124830-01 File: solaris9_124830.nasl - Type: ACT_GATHER_INFO |
2007-01-08 | Name: The remote host is missing Sun Security Patch number 124457-03 File: solaris10_124457.nasl - Type: ACT_GATHER_INFO |
2006-12-18 | Name: The remote host is missing Sun Security Patch number 124458-03 File: solaris10_x86_124458.nasl - Type: ACT_GATHER_INFO |
2006-11-06 | Name: The remote host is missing Sun Security Patch number 115159-14 File: solaris9_x86_115159.nasl - Type: ACT_GATHER_INFO |
2006-11-06 | Name: The remote host is missing Sun Security Patch number 111844-04 File: solaris8_111844.nasl - Type: ACT_GATHER_INFO |