This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Sun First view 2001-08-14
Product Solaris Last view 2009-08-07
Version 8.0 Type Os
Update *  
Edition sparc  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:o:sun:solaris

Activity : Overall

Related : CVE

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
4.9 2009-08-07 CVE-2009-2711

XScreenSaver in Sun Solaris 9 and 10, OpenSolaris before snv_120, and X11 6.4.1 for Solaris 8, when the Xorg or Xnewt server is used, allows physically proximate attackers to obtain sensitive information by reading popup windows, which are displayed even when the screen is locked, a different vulnerability than CVE-2009-1276.

10 2009-05-26 CVE-2008-3870

Integer overflow in sadmind in Sun Solaris 8 and 9 allows remote attackers to execute arbitrary code via a crafted RPC request that triggers a heap-based buffer overflow, related to improper memory allocation.

10 2009-05-26 CVE-2008-3869

Heap-based buffer overflow in sadmind in Sun Solaris 8 and 9 allows remote attackers to execute arbitrary code via a crafted RPC request, related to improper decoding of request parameters.

7.2 2008-06-16 CVE-2008-2710

Integer signedness error in the ip_set_srcfilter function in the IP Multicast Filter in uts/common/inet/ip/ip_multi.c in the kernel in Sun Solaris 10 and OpenSolaris before snv_92 allows local users to execute arbitrary code in other Solaris Zones via an SIOCSIPMSFILTER IOCTL request with a large value of the imsf->imsf_numsrc field, which triggers an out-of-bounds write of kernel memory. NOTE: this was reported as an integer overflow, but the root cause involves the bypass of a signed comparison.

7.6 2007-11-29 CVE-2007-6180

Race condition in the Remote Procedure Call kernel module (rpcmod) in Sun Solaris 8 through 10 allows local users to cause a denial of service (NULL dereference and panic) via unspecified vectors.

4.9 2007-10-23 CVE-2007-5632

Multiple unspecified vulnerabilities in the kernel in Sun Solaris 8 through 10 allow local users to cause a denial of service (panic), related to the support for retrieval of kernel statistics, and possibly related to the sfmmu_mlspl_enter or sfmmu_mlist_enter functions.

7.8 2007-10-15 CVE-2007-5462

Unspecified vulnerability in the Sun Solaris RPC services library (librpcsvc) on Solaris 8 through 10 allows remote attackers to cause a denial of service (mountd crash) via unspecified packets to a server that exports many filesystems, and allows local users to cause a denial of service (automountd crash) via unspecified requests to mount filesystems from a server that exports many filesystems.

7.2 2007-10-11 CVE-2007-5365

Stack-based buffer overflow in the cons_options function in options.c in dhcpd in OpenBSD 4.0 through 4.2, and some other dhcpd implementations based on ISC dhcp-2, allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a DHCP request specifying a maximum message size smaller than the minimum IP MTU.

4.9 2007-09-27 CVE-2007-5132

Race condition in the kernel in Sun Solaris 8 through 10 allows local users to cause a denial of service (panic) via unspecified vectors related to "the handling of thread contexts."

4.7 2007-09-27 CVE-2007-5118

Unspecified vulnerability in the HID (Human Interface Device) class driver in Sun Solaris 8, 9, and 10 before 20070925 allows local users to cause a denial of service (panic) via unspecified vectors.

4.9 2007-09-06 CVE-2007-4732

Unspecified vulnerability in the strfreectty function in the Special File System (SPECFS) in Sun Solaris 8 through 10 allows local users to cause a denial of service (system panic), related to passing a NULL pointer to the pgsignal function.

4.9 2007-07-30 CVE-2007-4070

Unspecified vulnerability in Low Bandwidth X proxy (lbxproxy) on Sun Solaris 8 through 10 before 20070725 allows local users to read arbitrary files with root group ownership via unknown vectors.

7.2 2007-06-28 CVE-2007-3471

Buffer overflow in the dtsession Common Desktop Environment (CDE) Session Manager in Sun Solaris 8, 9, and 10 allows local users to execute arbitrary code via unspecified vectors.

4.9 2007-06-27 CVE-2007-3458

The libsldap library in Sun Solaris 8, 9, and 10 allows local users to cause a denial of service (Name Service Caching Daemon (nscd) crash) via unspecified vectors.

6.8 2007-06-19 CVE-2007-3283

GNOME XScreenSaver in Sun Solaris 8 and 9 before 20070417, when root is logged into the console, does not automatically lock the screen after a session has been inactive, which might allow physically proximate attackers to access the console.

2.6 2006-10-10 CVE-2006-5215

The Xsession script, as used by X Display Manager (xdm) in NetBSD before 20060212, X.Org before 20060317, and Solaris 8 through 10 before 20061006, allows local users to overwrite arbitrary files, or read another user's Xsession errors file, via a symlink attack on a /tmp/xses-$USER file.

6.6 2006-09-26 CVE-2006-5012

Unspecified vulnerability in Sun Solaris 8, 9, and 10 before 20060925 allows local users to cause a denial of service (disable syslog) and prevent security messages from being logged via unspecified vectors.

4.6 2006-09-08 CVE-2006-4655

Buffer overflow in the Strcmp function in the XKEYBOARD extension in X Window System X11R6.4 and earlier, as used in SCO UnixWare 7.1.3 and Sun Solaris 8 through 10, allows local users to gain privileges via a long _XKB_CHARSET environment variable value.

7.2 2006-08-23 CVE-2006-4319

Buffer overflow in the format command in Solaris 8, 9, and 10 allows local users with access to format (such as the "File System Management" RBAC profile) to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2006-4307.

5 2006-07-18 CVE-2006-3664

Unspecified vulnerability in NIS server on Sun Solaris 8, 9, and 10 allows local and remote attackers to cause a denial of service (ypserv hang) via unknown vectors.

10 2002-05-29 CVE-2002-0033

Heap-based buffer overflow in cfsd_calloc function of Solaris cachefsd allows remote attackers to execute arbitrary code via a request with a long directory and cache name.

7.2 2002-04-02 CVE-2002-0158

Buffer overflow in Xsun on Solaris 2.6 through 8 allows local users to gain root privileges via a long -co (color database) command line argument.

7.2 2002-03-15 CVE-2002-0089

Buffer overflow in admintool in Solaris 2.5 through 8 allows local users to gain root privileges via long arguments to (1) the -d command line option, or (2) the PRODVERS argument in the .cdtoc file.

7.2 2002-03-15 CVE-2002-0088

Buffer overflow in admintool in Solaris 2.6, 7, and 8 allows local users to gain root privileges via a long media installation path.

5 2002-03-15 CVE-2002-0085

cachefsd in Solaris 2.6, 7, and 8 allows remote attackers to cause a denial of service (crash) via an invalid procedure call in an RPC request.

CWE : Common Weakness Enumeration

%idName
22% (2) CWE-362 Race Condition
22% (2) CWE-189 Numeric Errors
22% (2) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
22% (2) CWE-20 Improper Input Validation
11% (1) CWE-200 Information Exposure

CAPEC : Common Attack Pattern Enumeration & Classification

id Name
CAPEC-26 Leveraging Race Conditions
CAPEC-29 Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions

SAINT Exploits

Description Link
cachefsd heap overflow More info here

Open Source Vulnerability Database (OSVDB)

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
56854 Solaris XScreenSaver (xscreensaver(1)) PopUp Window Information Disclosure
54668 Solaris sadmind Crafted RPC Request Remote Overflow
54663 Solaris sadmind RPC Request Parameter Decoding Remote Overflow
46193 Solaris Kernel SIOCSIPMSFILTER IOCTL Request IP Multicast Filter Local Privil...
41687 Multiple Vendor dhcpd options.c cons_options Function DHCP Request Remote Ove...
40821 Solaris Remote Procedure Call kernel Module (rpcmod) Unspecified Local Race C...
40814 Solaris RPC Services Library (librpcsvc(3LIB)) Unspecified Packet Handling Re...
38483 Solaris Kernel Statistics Retrieval Unspecified Local DoS
37712 Solaris Kernel Thread Context Handling Local DoS
37334 Solaris Human Interface Device (HID) Unspecified Local DoS
37323 Solaris Special File System (SPECFS) strfreectty Function Local DoS
36612 Solaris Low Bandwidth X Proxy (lbxproxy) Local Privileged File Access
36608 Solaris Common Desktop Environment (CDE) Session Manager dtsession Local Over...
36594 Solaris libsldap Unspecified Local nscd DoS
36586 Solaris GNOME Session xscreensaver Local Session Hijacking
29579 Multiple Vendor X Display Manager Xsession Script Symlink Arbitrary File Over...
29555 Solaris RBAC format Command Local Overflow
29153 Solaris syslog Local DoS
28622 X.Org X11 libX11 XKEYBOARD Extension Local Overflow
27320 Solaris ypserv Unspecified Remote DoS
17477 Solaris cachefsd fscache_setup Function Remote Overflow
8704 SCO Xsco -co Argument Local Overflow
8703 Solaris Xsun -co Argument Local Overflow
8702 Solaris admintool Multiple Argument Local Overflows
8700 Solaris admintool Media Installation Path Privilege Escalation

ExploitDB Exploits

id Description
4601 Ubuntu 6.06 DHCPd bug Remote Denial of Service Exploit
2360 X11R6 <= 6.4 XKEYBOARD - Local Buffer Overflow Exploit (solaris/sparc)

OpenVAS Exploits

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2009-10-13 Name : Solaris Update for in.dhcpd libresolv and BIND9 112837-20
File : nvt/gb_solaris_112837_20.nasl
2009-10-13 Name : Solaris Update for sadmind 116453-03
File : nvt/gb_solaris_116453_03.nasl
2009-10-13 Name : Solaris Update for in.dhcpd libresolv and BIND9 114265-19
File : nvt/gb_solaris_114265_19.nasl
2009-09-23 Name : Solaris Update for sadmind 116455-02
File : nvt/gb_solaris_116455_02.nasl
2009-09-23 Name : Solaris Update for sadmind 116454-03
File : nvt/gb_solaris_116454_03.nasl
2009-09-23 Name : Solaris Update for sadmind 116442-02
File : nvt/gb_solaris_116442_02.nasl
2009-06-03 Name : Solaris Update for dhcp server and admin 109077-21
File : nvt/gb_solaris_109077_21.nasl
2009-06-03 Name : Solaris Update for usr/lib/inet/in.dhcpd 138877-01
File : nvt/gb_solaris_138877_01.nasl
2009-06-03 Name : Solaris Update for usr/lib/inet/in.dhcpd 138876-01
File : nvt/gb_solaris_138876_01.nasl
2009-06-03 Name : Solaris Update for librpcsvc 127549-01
File : nvt/gb_solaris_127549_01.nasl
2009-06-03 Name : Solaris Update for librpcsvc 127548-01
File : nvt/gb_solaris_127548_01.nasl
2009-06-03 Name : Solaris Update for librpcsvc 123397-01
File : nvt/gb_solaris_123397_01.nasl
2009-06-03 Name : Solaris Update for librpcsvc 123396-01
File : nvt/gb_solaris_123396_01.nasl
2009-06-03 Name : Solaris Update for format 114423-07
File : nvt/gb_solaris_114423_07.nasl
2009-06-03 Name : Solaris Update for in.dhcpd libresolv and BIND9 114265-17
File : nvt/gb_solaris_114265_17.nasl
2009-06-03 Name : Solaris Update for cachefsd 114009-01
File : nvt/gb_solaris_114009_01.nasl
2009-06-03 Name : Solaris Update for cachefsd 114008-01
File : nvt/gb_solaris_114008_01.nasl
2009-06-03 Name : Solaris Update for dtsession 113241-13
File : nvt/gb_solaris_113241_13.nasl
2009-06-03 Name : Solaris Update for CDE 1.5 113240-13
File : nvt/gb_solaris_113240_13.nasl
2009-06-03 Name : Solaris Update for /usr/sbin/format 113072-08
File : nvt/gb_solaris_113072_08.nasl
2009-06-03 Name : Solaris Update for in.dhcpd libresolv and BIND9 112837-18
File : nvt/gb_solaris_112837_18.nasl
2009-06-03 Name : Solaris Update for /usr/bin/mailx 110957-02
File : nvt/gb_solaris_110957_02.nasl
2009-06-03 Name : Solaris Update for cachefs/mount 110897-03
File : nvt/gb_solaris_110897_03.nasl
2009-06-03 Name : Solaris Update for cachefs/mount 110896-03
File : nvt/gb_solaris_110896_03.nasl
2009-06-03 Name : Solaris Update for admintool 110453-04
File : nvt/gb_solaris_110453_04.nasl

Information Assurance Vulnerability Management (IAVM)

id Description
2009-T-0028 Multiple Buffer Overflow Vulnerabilities in Sun Solaris
Severity: Category II - VMSKEY: V0019230

Snort® IPS/IDS

Date Description
2017-08-29 Sun Solaris dhcpd malformed bootp denial of service attempt
RuleID : 43752 - Type : SERVER-OTHER - Revision : 2
2014-01-10 cachefsd buffer overflow attempt
RuleID : 1751-community - Type : SERVER-OTHER - Revision : 12
2014-01-10 cachefsd buffer overflow attempt
RuleID : 1751 - Type : SERVER-OTHER - Revision : 12
2014-01-10 portmap cachefsd request TCP
RuleID : 1747-community - Type : PROTOCOL-RPC - Revision : 18
2014-01-10 portmap cachefsd request TCP
RuleID : 1747 - Type : PROTOCOL-RPC - Revision : 18
2014-01-10 portmap cachefsd request UDP
RuleID : 1746-community - Type : PROTOCOL-RPC - Revision : 20
2014-01-10 portmap cachefsd request UDP
RuleID : 1746 - Type : PROTOCOL-RPC - Revision : 20
2014-01-10 Oracle Solaris sadmind TCP data length integer overflow attempt
RuleID : 16797 - Type : PROTOCOL-RPC - Revision : 10
2014-01-10 Oracle Solaris sadmind UDP data length integer overflow attempt
RuleID : 16796 - Type : PROTOCOL-RPC - Revision : 10
2014-01-10 Oracle Solaris sadmind TCP array size buffer overflow attempt
RuleID : 16706 - Type : PROTOCOL-RPC - Revision : 8
2014-01-10 Oracle Solaris sadmind UDP array size buffer overflow attempt
RuleID : 16705 - Type : PROTOCOL-RPC - Revision : 8

Nessus® Vulnerability Scanner

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2015-04-02 Name: The remote host is missing Sun security patch number 119060-45.
File: solaris10_x86_119060_45.nasl - Type: ACT_GATHER_INFO
2015-04-02 Name: The remote host is missing Sun security patch number 119059-46.
File: solaris10_119059_46.nasl - Type: ACT_GATHER_INFO
2007-11-10 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-531-2.nasl - Type: ACT_GATHER_INFO
2007-11-10 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-531-1.nasl - Type: ACT_GATHER_INFO
2007-10-25 Name: The remote Red Hat host is missing a security update.
File: redhat-RHSA-2007-0970.nasl - Type: ACT_GATHER_INFO
2007-10-19 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-1388.nasl - Type: ACT_GATHER_INFO
2007-10-17 Name: The remote host is missing Sun Security Patch number 127549-01
File: solaris8_x86_127549.nasl - Type: ACT_GATHER_INFO
2007-10-17 Name: The remote host is missing Sun Security Patch number 123397-01
File: solaris9_x86_123397.nasl - Type: ACT_GATHER_INFO
2007-10-17 Name: The remote host is missing Sun Security Patch number 127548-01
File: solaris8_127548.nasl - Type: ACT_GATHER_INFO
2007-10-17 Name: The remote host is missing Sun Security Patch number 123396-01
File: solaris9_123396.nasl - Type: ACT_GATHER_INFO
2007-10-12 Name: The remote host is missing Sun Security Patch number 115554-26
File: solaris9_x86_115554.nasl - Type: ACT_GATHER_INFO
2007-07-02 Name: The remote host is missing Sun Security Patch number 125279-05
File: solaris10_125279.nasl - Type: ACT_GATHER_INFO
2007-07-02 Name: The remote host is missing Sun Security Patch number 125280-05
File: solaris10_x86_125280.nasl - Type: ACT_GATHER_INFO
2007-04-19 Name: The remote host is missing Sun Security Patch number 115299-01
File: solaris8_x86_115299.nasl - Type: ACT_GATHER_INFO
2007-04-19 Name: The remote host is missing Sun Security Patch number 115298-01
File: solaris8_115298.nasl - Type: ACT_GATHER_INFO
2007-03-18 Name: The remote host is missing Sun Security Patch number 122300-61
File: solaris9_122300.nasl - Type: ACT_GATHER_INFO
2007-03-18 Name: The remote host is missing Sun Security Patch number 122301-61
File: solaris9_x86_122301.nasl - Type: ACT_GATHER_INFO
2007-02-18 Name: The remote host is missing Sun Security Patch number 120094-36
File: solaris10_120094.nasl - Type: ACT_GATHER_INFO
2007-02-18 Name: The remote host is missing Sun Security Patch number 120095-36
File: solaris10_x86_120095.nasl - Type: ACT_GATHER_INFO
2007-02-18 Name: The remote host is missing Sun Security Patch number 124831-01
File: solaris9_x86_124831.nasl - Type: ACT_GATHER_INFO
2007-02-18 Name: The remote host is missing Sun Security Patch number 124830-01
File: solaris9_124830.nasl - Type: ACT_GATHER_INFO
2007-01-08 Name: The remote host is missing Sun Security Patch number 124457-03
File: solaris10_124457.nasl - Type: ACT_GATHER_INFO
2006-12-18 Name: The remote host is missing Sun Security Patch number 124458-03
File: solaris10_x86_124458.nasl - Type: ACT_GATHER_INFO
2006-11-06 Name: The remote host is missing Sun Security Patch number 115159-14
File: solaris9_x86_115159.nasl - Type: ACT_GATHER_INFO
2006-11-06 Name: The remote host is missing Sun Security Patch number 111844-04
File: solaris8_111844.nasl - Type: ACT_GATHER_INFO