This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Sun First view 2000-04-24
Product Solaris Last view 2009-06-11
Version 8.0 Type Os
Update *  
Edition x86  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:o:sun:solaris

Activity : Overall

Related : CVE

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
5 2009-06-11 CVE-2009-2029

Unspecified vulnerability in rpc.nisd in Sun Solaris 8 through 10, and OpenSolaris before snv_104, allows remote authenticated users to cause a denial of service (NIS+ daemon hang) via unspecified vectors related to NIS+ callbacks.

10 2009-05-26 CVE-2008-3870

Integer overflow in sadmind in Sun Solaris 8 and 9 allows remote attackers to execute arbitrary code via a crafted RPC request that triggers a heap-based buffer overflow, related to improper memory allocation.

10 2009-05-26 CVE-2008-3869

Heap-based buffer overflow in sadmind in Sun Solaris 8 and 9 allows remote attackers to execute arbitrary code via a crafted RPC request, related to improper decoding of request parameters.

7.2 2008-06-16 CVE-2008-2710

Integer signedness error in the ip_set_srcfilter function in the IP Multicast Filter in uts/common/inet/ip/ip_multi.c in the kernel in Sun Solaris 10 and OpenSolaris before snv_92 allows local users to execute arbitrary code in other Solaris Zones via an SIOCSIPMSFILTER IOCTL request with a large value of the imsf->imsf_numsrc field, which triggers an out-of-bounds write of kernel memory. NOTE: this was reported as an integer overflow, but the root cause involves the bypass of a signed comparison.

7.6 2007-11-29 CVE-2007-6180

Race condition in the Remote Procedure Call kernel module (rpcmod) in Sun Solaris 8 through 10 allows local users to cause a denial of service (NULL dereference and panic) via unspecified vectors.

4.9 2007-10-23 CVE-2007-5632

Multiple unspecified vulnerabilities in the kernel in Sun Solaris 8 through 10 allow local users to cause a denial of service (panic), related to the support for retrieval of kernel statistics, and possibly related to the sfmmu_mlspl_enter or sfmmu_mlist_enter functions.

7.8 2007-10-15 CVE-2007-5462

Unspecified vulnerability in the Sun Solaris RPC services library (librpcsvc) on Solaris 8 through 10 allows remote attackers to cause a denial of service (mountd crash) via unspecified packets to a server that exports many filesystems, and allows local users to cause a denial of service (automountd crash) via unspecified requests to mount filesystems from a server that exports many filesystems.

7.2 2007-10-11 CVE-2007-5365

Stack-based buffer overflow in the cons_options function in options.c in dhcpd in OpenBSD 4.0 through 4.2, and some other dhcpd implementations based on ISC dhcp-2, allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a DHCP request specifying a maximum message size smaller than the minimum IP MTU.

3.5 2007-10-09 CVE-2007-5319

Unspecified vulnerability in the vuidmice STREAMS modules in Sun Solaris 8, 9, and 10 allows local users with console (/dev/console) access to cause a denial of service ("unusable" system console) via unspecified vectors.

4.9 2007-09-27 CVE-2007-5132

Race condition in the kernel in Sun Solaris 8 through 10 allows local users to cause a denial of service (panic) via unspecified vectors related to "the handling of thread contexts."

4.9 2007-09-06 CVE-2007-4732

Unspecified vulnerability in the strfreectty function in the Special File System (SPECFS) in Sun Solaris 8 through 10 allows local users to cause a denial of service (system panic), related to passing a NULL pointer to the pgsignal function.

4.9 2007-08-22 CVE-2007-4495

Unspecified vulnerability in the ata disk driver in Sun Solaris 10 on the x86 platform before 20070821 allows local users to cause a denial of service (system panic) via an unspecified ioctl function, aka Bug 6433124.

4.9 2007-08-22 CVE-2007-4492

Multiple unspecified vulnerabilities in the ata disk driver in Sun Solaris 8, 9, and 10 on the x86 platform before 20070821 allow local users to cause a denial of service (system panic) via unspecified ioctl functions, aka Bug 6433123.

4.9 2007-07-30 CVE-2007-4070

Unspecified vulnerability in Low Bandwidth X proxy (lbxproxy) on Sun Solaris 8 through 10 before 20070725 allows local users to read arbitrary files with root group ownership via unknown vectors.

7.2 2007-06-28 CVE-2007-3471

Buffer overflow in the dtsession Common Desktop Environment (CDE) Session Manager in Sun Solaris 8, 9, and 10 allows local users to execute arbitrary code via unspecified vectors.

4.9 2007-06-27 CVE-2007-3458

The libsldap library in Sun Solaris 8, 9, and 10 allows local users to cause a denial of service (Name Service Caching Daemon (nscd) crash) via unspecified vectors.

6.8 2007-06-19 CVE-2007-3283

GNOME XScreenSaver in Sun Solaris 8 and 9 before 20070417, when root is logged into the console, does not automatically lock the screen after a session has been inactive, which might allow physically proximate attackers to access the console.

9 2007-06-06 CVE-2007-3094

Unspecified vulnerability in the authentication mechanism in Solaris Management Console (SMC) on Sun Solaris 8 through 10 before 20070605 allows remote authenticated users to execute arbitrary code via unspecified vectors, related to the WBEM server.

10 2007-06-06 CVE-2007-3093

Unspecified vulnerability in the logging mechanism in Solaris Management Console (SMC) on Sun Solaris 8 through 10 before 20070605 allows remote attackers to execute arbitrary code via unspecified vectors, related to the WBEM server.

5 2007-05-29 CVE-2007-2882

Unspecified vulnerability in the NFS client module in Sun Solaris 8 through 10 before 20070524, when operating as an NFS server, allows remote attackers to cause a denial of service (crash) via certain Access Control List (acl) packets.

4.7 2006-12-04 CVE-2006-6275

Race condition in the kernel in Sun Solaris 8 through 10 allows local users to cause a denial of service (panic) via unspecified vectors, possibly related to the exitlwps function and SIGKILL and /proc PCAGENT signals.

2.6 2006-10-10 CVE-2006-5215

The Xsession script, as used by X Display Manager (xdm) in NetBSD before 20060212, X.Org before 20060317, and Solaris 8 through 10 before 20061006, allows local users to overwrite arbitrary files, or read another user's Xsession errors file, via a symlink attack on a /tmp/xses-$USER file.

6.6 2006-09-26 CVE-2006-5012

Unspecified vulnerability in Sun Solaris 8, 9, and 10 before 20060925 allows local users to cause a denial of service (disable syslog) and prevent security messages from being logged via unspecified vectors.

4.6 2006-09-08 CVE-2006-4655

Buffer overflow in the Strcmp function in the XKEYBOARD extension in X Window System X11R6.4 and earlier, as used in SCO UnixWare 7.1.3 and Sun Solaris 8 through 10, allows local users to gain privileges via a long _XKB_CHARSET environment variable value.

7.2 2006-08-23 CVE-2006-4319

Buffer overflow in the format command in Solaris 8, 9, and 10 allows local users with access to format (such as the "File System Management" RBAC profile) to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2006-4307.

CWE : Common Weakness Enumeration

%idName
26% (4) CWE-264 Permissions, Privileges, and Access Controls
20% (3) CWE-362 Race Condition
13% (2) CWE-189 Numeric Errors
13% (2) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
13% (2) CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path ...
13% (2) CWE-20 Improper Input Validation

CAPEC : Common Attack Pattern Enumeration & Classification

id Name
CAPEC-8 Buffer Overflow in an API Call
CAPEC-9 Buffer Overflow in Local Command-Line Utilities
CAPEC-10 Buffer Overflow via Environment Variables
CAPEC-14 Client-side Injection-induced Buffer Overflow
CAPEC-24 Filter Failure through Buffer Overflow
CAPEC-26 Leveraging Race Conditions
CAPEC-29 Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions
CAPEC-38 Leveraging/Manipulating Configuration File Search Paths
CAPEC-42 MIME Conversion
CAPEC-44 Overflow Binary Resource File
CAPEC-45 Buffer Overflow via Symbolic Links
CAPEC-46 Overflow Variables and Tags
CAPEC-47 Buffer Overflow via Parameter Expansion
CAPEC-58 Restful Privilege Elevation
CAPEC-67 String Format Overflow in syslog()
CAPEC-92 Forced Integer Overflow
CAPEC-100 Overflow Buffers
CAPEC-123 Buffer Attacks

SAINT Exploits

Description Link
cachefsd heap overflow More info here
Samba call_trans2open buffer overflow More info here
Solaris loadable kernel module directory traversal More info here
System V login argument array buffer overflow More info here
snmpXdmid buffer overflow More info here

Open Source Vulnerability Database (OSVDB)

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
60454 dtterm Window Title Escape Sequence Arbitrary Command Execution
60301 Solaris vfs_getvfssw Function Traversal Arbitrary Kernel Module Loading Privi...
60063 Solaris /dev/poll NULL Pointer Dereference Unspecified Local DoS
60003 Solaris Volume Manager Daemon (vold) Unspecified Local Overflow
59830 Solaris utmp_update Function Local Overflow
55049 Solaris rpc.nisd(1M) NIS+ Server Unspecified DoS
54668 Solaris sadmind Crafted RPC Request Remote Overflow
54663 Solaris sadmind RPC Request Parameter Decoding Remote Overflow
46193 Solaris Kernel SIOCSIPMSFILTER IOCTL Request IP Multicast Filter Local Privil...
41687 Multiple Vendor dhcpd options.c cons_options Function DHCP Request Remote Ove...
40821 Solaris Remote Procedure Call kernel Module (rpcmod) Unspecified Local Race C...
40814 Solaris RPC Services Library (librpcsvc(3LIB)) Unspecified Packet Handling Re...
38483 Solaris Kernel Statistics Retrieval Unspecified Local DoS
37715 Solaris vuidmice STREAMS Modules Unspecified Local DoS
37712 Solaris Kernel Thread Context Handling Local DoS
37323 Solaris Special File System (SPECFS) strfreectty Function Local DoS
36615 Solaris ata(7D) Disk Driver IOCTLs Local DoS
36612 Solaris Low Bandwidth X Proxy (lbxproxy) Local Privileged File Access
36608 Solaris Common Desktop Environment (CDE) Session Manager dtsession Local Over...
36594 Solaris libsldap Unspecified Local nscd DoS
36591 Solaris Management Console (SMC) WBEM Server Unspecified Remote Code Execution
36590 Solaris Management Console (SMC) WBEM Server Logging Mechanism Unspecified Re...
36586 Solaris GNOME Session xscreensaver Local Session Hijacking
34908 Solaris NFS Client Module Crafted acl(2) Packet Remote DoS
31718 Solaris Kernel Unspecified Race Condition Local DoS

ExploitDB Exploits

id Description
23765 Sun Solaris 8/9 Unspecified Passwd Local Root Compromise Vulnerability
21180 Solaris/SPARC 2.5.1/2.6/7/8 Derived 'login' Buffer Overflow Vulnerability
4601 Ubuntu 6.06 DHCPd bug Remote Denial of Service Exploit
2360 X11R6 <= 6.4 XKEYBOARD - Local Buffer Overflow Exploit (solaris/sparc)
1182 Solaris 2.6/7/8/9 (ld.so.1) Local Root Exploit (sparc)
716 Solaris 2.5.1/2.6/7/8 rlogin /bin/login - Buffer Overflow Exploit (SPARC)
715 Solaris 8/9 passwd circ() Local Root Exploit

OpenVAS Exploits

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2009-10-13 Name : Solaris Update for sadmind 116453-03
File : nvt/gb_solaris_116453_03.nasl
2009-10-13 Name : Solaris Update for in.dhcpd libresolv and BIND9 112837-20
File : nvt/gb_solaris_112837_20.nasl
2009-10-13 Name : Solaris Update for in.dhcpd libresolv and BIND9 114265-19
File : nvt/gb_solaris_114265_19.nasl
2009-10-13 Name : Solaris Update for rpc.nisd 140917-02
File : nvt/gb_solaris_140917_02.nasl
2009-10-13 Name : Solaris Update for rpc.nisd 140918-02
File : nvt/gb_solaris_140918_02.nasl
2009-09-23 Name : Solaris Update for rpc.nisd 140918-01
File : nvt/gb_solaris_140918_01.nasl
2009-09-23 Name : Solaris Update for sadmind 116442-02
File : nvt/gb_solaris_116442_02.nasl
2009-09-23 Name : Solaris Update for sadmind 116454-03
File : nvt/gb_solaris_116454_03.nasl
2009-09-23 Name : Solaris Update for sadmind 116455-02
File : nvt/gb_solaris_116455_02.nasl
2009-06-03 Name : Solaris Update for klmmod 113279-01
File : nvt/gb_solaris_113279_01.nasl
2009-06-03 Name : Solaris Update for dtsession 113241-13
File : nvt/gb_solaris_113241_13.nasl
2009-06-03 Name : Solaris Update for CDE 1.5 113240-13
File : nvt/gb_solaris_113240_13.nasl
2009-06-03 Name : Solaris Update for /usr/sbin/format 113072-08
File : nvt/gb_solaris_113072_08.nasl
2009-06-03 Name : Solaris Update for /usr/sbin/syslogd 112998-05
File : nvt/gb_solaris_112998_05.nasl
2009-06-03 Name : Solaris Update for krb5 lib 112922-02
File : nvt/gb_solaris_112922_02.nasl
2009-06-03 Name : Solaris Update for /usr/lib/netsvc/rwall/rpc.rwalld 112875-01
File : nvt/gb_solaris_112875_01.nasl
2009-06-03 Name : Solaris Update for /usr/lib/netsvc/rwall/rpc.rwalld 112846-01
File : nvt/gb_solaris_112846_01.nasl
2009-06-03 Name : Solaris Update for uucp 111571-04
File : nvt/gb_solaris_111571_04.nasl
2009-06-03 Name : Solaris Update for in.dhcpd libresolv and BIND9 112837-18
File : nvt/gb_solaris_112837_18.nasl
2009-06-03 Name : Solaris Update for Xview 111627-03
File : nvt/gb_solaris_111627_03.nasl
2009-06-03 Name : Solaris Update for OpenWindows 3.6.2 111626-04
File : nvt/gb_solaris_111626_04.nasl
2009-06-03 Name : Solaris Update for klmmod and klmops 111321-05
File : nvt/gb_solaris_111321_05.nasl
2009-06-03 Name : Solaris Update for uucp 113322-03
File : nvt/gb_solaris_113322_03.nasl
2009-06-03 Name : Solaris Update for /usr/lib/utmp_update 113650-02
File : nvt/gb_solaris_113650_02.nasl
2009-06-03 Name : Solaris Update for cachefsd 114008-01
File : nvt/gb_solaris_114008_01.nasl

Information Assurance Vulnerability Management (IAVM)

id Description
2014-A-0012 Multiple Vulnerabilities in Oracle & Sun Systems Product Suite
Severity: Category I - VMSKEY: V0043396
2009-T-0028 Multiple Buffer Overflow Vulnerabilities in Sun Solaris
Severity: Category II - VMSKEY: V0019230

Snort® IPS/IDS

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
Date Description
2014-01-10 RCPT TO overflow
RuleID : 654-community - Type : SERVER-MAIL - Revision : 28
2014-01-10 RCPT TO overflow
RuleID : 654 - Type : SERVER-MAIL - Revision : 28
2014-01-10 portmap snmpXdmi request TCP
RuleID : 593-community - Type : PROTOCOL-RPC - Revision : 31
2014-01-10 portmap snmpXdmi request TCP
RuleID : 593 - Type : PROTOCOL-RPC - Revision : 31
2014-01-10 snmpXdmi overflow attempt TCP
RuleID : 569-community - Type : PROTOCOL-RPC - Revision : 25
2014-01-10 snmpXdmi overflow attempt TCP
RuleID : 569 - Type : PROTOCOL-RPC - Revision : 25
2017-08-29 Sun Solaris dhcpd malformed bootp denial of service attempt
RuleID : 43752 - Type : SERVER-OTHER - Revision : 2
2014-01-10 login buffer non-evasive overflow attempt
RuleID : 3274-community - Type : PROTOCOL-TELNET - Revision : 14
2014-01-10 login buffer non-evasive overflow attempt
RuleID : 3274 - Type : PROTOCOL-TELNET - Revision : 14
2014-01-10 login buffer overflow attempt
RuleID : 3147-community - Type : PROTOCOL-TELNET - Revision : 15
2014-01-10 login buffer overflow attempt
RuleID : 3147 - Type : PROTOCOL-TELNET - Revision : 15
2014-01-10 Sendmail RCPT TO prescan too long addresses overflow
RuleID : 2270-community - Type : SERVER-MAIL - Revision : 18
2014-01-10 Sendmail RCPT TO prescan too long addresses overflow
RuleID : 2270 - Type : SERVER-MAIL - Revision : 18
2014-01-10 Sendmail RCPT TO prescan too many addresses overflow
RuleID : 2269-community - Type : SERVER-MAIL - Revision : 15
2014-01-10 Sendmail RCPT TO prescan too many addresses overflow
RuleID : 2269 - Type : SERVER-MAIL - Revision : 15
2014-01-10 Sendmail MAIL FROM prescan too long addresses overflow
RuleID : 2268-community - Type : SERVER-MAIL - Revision : 16
2014-01-10 Sendmail MAIL FROM prescan too long addresses overflow
RuleID : 2268 - Type : SERVER-MAIL - Revision : 16
2014-01-10 Sendmail MAIL FROM prescan too many addresses overflow
RuleID : 2267-community - Type : SERVER-MAIL - Revision : 15
2014-01-10 Sendmail MAIL FROM prescan too many addresses overflow
RuleID : 2267 - Type : SERVER-MAIL - Revision : 15
2014-01-10 Sendmail SOML FROM prescan too long addresses overflow
RuleID : 2266-community - Type : SERVER-MAIL - Revision : 16
2014-01-10 Sendmail SOML FROM prescan too long addresses overflow
RuleID : 2266 - Type : SERVER-MAIL - Revision : 16
2014-01-10 Sendmail SOML FROM prescan too many addresses overflow
RuleID : 2265-community - Type : SERVER-MAIL - Revision : 14
2014-01-10 Sendmail SOML FROM prescan too many addresses overflow
RuleID : 2265 - Type : SERVER-MAIL - Revision : 14
2014-01-10 Sendmail SAML FROM prescan too long addresses overflow
RuleID : 2264-community - Type : SERVER-MAIL - Revision : 16
2014-01-10 Sendmail SAML FROM prescan too long addresses overflow
RuleID : 2264 - Type : SERVER-MAIL - Revision : 16

Nessus® Vulnerability Scanner

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2015-04-02 Name: The remote host is missing Sun security patch number 119059-46.
File: solaris10_119059_46.nasl - Type: ACT_GATHER_INFO
2015-04-02 Name: The remote host is missing Sun security patch number 119060-45.
File: solaris10_x86_119060_45.nasl - Type: ACT_GATHER_INFO
2014-01-27 Name: The remote host is missing Sun Security Patch number 150863-01
File: solaris8_150863.nasl - Type: ACT_GATHER_INFO
2014-01-27 Name: The remote host is missing Sun Security Patch number 113911-02
File: solaris9_113911.nasl - Type: ACT_GATHER_INFO
2009-04-23 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_f04cc5cb2d0b11d8beaf000a95c4d922.nasl - Type: ACT_GATHER_INFO
2008-01-04 Name: The remote host is missing Sun Security Patch number 128625-11
File: solaris8_x86_128625.nasl - Type: ACT_GATHER_INFO
2008-01-02 Name: The remote host is missing Sun Security Patch number 128624-11
File: solaris8_128624.nasl - Type: ACT_GATHER_INFO
2007-11-10 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-531-1.nasl - Type: ACT_GATHER_INFO
2007-11-10 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-531-2.nasl - Type: ACT_GATHER_INFO
2007-10-25 Name: The remote Red Hat host is missing a security update.
File: redhat-RHSA-2007-0970.nasl - Type: ACT_GATHER_INFO
2007-10-19 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-1388.nasl - Type: ACT_GATHER_INFO
2007-10-17 Name: The remote host is missing Sun Security Patch number 127548-01
File: solaris8_127548.nasl - Type: ACT_GATHER_INFO
2007-10-17 Name: The remote host is missing Sun Security Patch number 127549-01
File: solaris8_x86_127549.nasl - Type: ACT_GATHER_INFO
2007-10-17 Name: The remote host is missing Sun Security Patch number 123396-01
File: solaris9_123396.nasl - Type: ACT_GATHER_INFO
2007-10-17 Name: The remote host is missing Sun Security Patch number 123397-01
File: solaris9_x86_123397.nasl - Type: ACT_GATHER_INFO
2007-09-25 Name: The remote HP-UX host is missing a security-related patch.
File: hpux_PHNE_35483.nasl - Type: ACT_GATHER_INFO
2007-09-25 Name: The remote HP-UX host is missing a security-related patch.
File: hpux_PHNE_35484.nasl - Type: ACT_GATHER_INFO
2007-09-25 Name: The remote HP-UX host is missing a security-related patch.
File: hpux_PHNE_35485.nasl - Type: ACT_GATHER_INFO
2007-07-02 Name: The remote host is missing Sun Security Patch number 125279-05
File: solaris10_125279.nasl - Type: ACT_GATHER_INFO
2007-07-02 Name: The remote host is missing Sun Security Patch number 125280-05
File: solaris10_x86_125280.nasl - Type: ACT_GATHER_INFO
2007-04-19 Name: The remote host is missing Sun Security Patch number 115298-01
File: solaris8_115298.nasl - Type: ACT_GATHER_INFO
2007-04-19 Name: The remote host is missing Sun Security Patch number 115299-01
File: solaris8_x86_115299.nasl - Type: ACT_GATHER_INFO
2007-03-18 Name: The remote host is missing Sun Security Patch number 122300-61
File: solaris9_122300.nasl - Type: ACT_GATHER_INFO
2007-03-18 Name: The remote host is missing Sun Security Patch number 122301-61
File: solaris9_x86_122301.nasl - Type: ACT_GATHER_INFO
2007-02-18 Name: The remote host is missing Sun Security Patch number 120094-36
File: solaris10_120094.nasl - Type: ACT_GATHER_INFO