This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Sun First view 1999-12-05
Product Solaris Last view 2008-06-16
Version 8.0 Type Os
Update beta  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:o:sun:solaris

Activity : Overall

Related : CVE

  Date Alert Description
7.2 2008-06-16 CVE-2008-2710

Integer signedness error in the ip_set_srcfilter function in the IP Multicast Filter in uts/common/inet/ip/ip_multi.c in the kernel in Sun Solaris 10 and OpenSolaris before snv_92 allows local users to execute arbitrary code in other Solaris Zones via an SIOCSIPMSFILTER IOCTL request with a large value of the imsf->imsf_numsrc field, which triggers an out-of-bounds write of kernel memory. NOTE: this was reported as an integer overflow, but the root cause involves the bypass of a signed comparison.

2.6 2006-10-10 CVE-2006-5215

The Xsession script, as used by X Display Manager (xdm) in NetBSD before 20060212, X.Org before 20060317, and Solaris 8 through 10 before 20061006, allows local users to overwrite arbitrary files, or read another user's Xsession errors file, via a symlink attack on a /tmp/xses-$USER file.

6.6 2006-09-26 CVE-2006-5012

Unspecified vulnerability in Sun Solaris 8, 9, and 10 before 20060925 allows local users to cause a denial of service (disable syslog) and prevent security messages from being logged via unspecified vectors.

7.2 2006-08-23 CVE-2006-4319

Buffer overflow in the format command in Solaris 8, 9, and 10 allows local users with access to format (such as the "File System Management" RBAC profile) to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2006-4307.

5 2006-07-18 CVE-2006-3664

Unspecified vulnerability in NIS server on Sun Solaris 8, 9, and 10 allows local and remote attackers to cause a denial of service (ypserv hang) via unknown vectors.

7.2 1999-12-05 CVE-1999-0982

The Sun Web-Based Enterprise Management (WBEM) installation script stores a password in plaintext in a world readable file.

CWE : Common Weakness Enumeration

%idName
100% (1) CWE-189 Numeric Errors

Open Source Vulnerability Database (OSVDB)

id Description
46193 Solaris Kernel SIOCSIPMSFILTER IOCTL Request IP Multicast Filter Local Privil...
29579 Multiple Vendor X Display Manager Xsession Script Symlink Arbitrary File Over...
29555 Solaris RBAC format Command Local Overflow
29153 Solaris syslog Local DoS
27320 Solaris ypserv Unspecified Remote DoS
11261 Sun Web-Based Enterprise Management (WBEM) World Readable Install Password

OpenVAS Exploits

id Description
2009-06-03 Name : Solaris Update for /usr/sbin/format 113072-08
File : nvt/gb_solaris_113072_08.nasl
2009-06-03 Name : Solaris Update for format 114423-07
File : nvt/gb_solaris_114423_07.nasl

Nessus® Vulnerability Scanner

id Description
2007-02-18 Name: The remote host is missing Sun Security Patch number 124831-01
File: solaris9_x86_124831.nasl - Type: ACT_GATHER_INFO
2007-02-18 Name: The remote host is missing Sun Security Patch number 124830-01
File: solaris9_124830.nasl - Type: ACT_GATHER_INFO
2007-01-08 Name: The remote host is missing Sun Security Patch number 124457-03
File: solaris10_124457.nasl - Type: ACT_GATHER_INFO
2006-12-18 Name: The remote host is missing Sun Security Patch number 124458-03
File: solaris10_x86_124458.nasl - Type: ACT_GATHER_INFO
2006-11-06 Name: The remote host is missing Sun Security Patch number 111844-04
File: solaris8_111844.nasl - Type: ACT_GATHER_INFO
2006-11-06 Name: The remote host is missing Sun Security Patch number 111845-04
File: solaris8_x86_111845.nasl - Type: ACT_GATHER_INFO
2006-08-21 Name: The remote host is missing Sun Security Patch number 114423-09
File: solaris9_x86_114423.nasl - Type: ACT_GATHER_INFO
2006-08-04 Name: The remote host is missing Sun Security Patch number 113072-08
File: solaris9_113072.nasl - Type: ACT_GATHER_INFO
2006-07-03 Name: The remote host is missing Sun Security Patch number 118833-36
File: solaris10_118833.nasl - Type: ACT_GATHER_INFO
2006-02-19 Name: The remote host is missing Sun Security Patch number 117350-62
File: solaris8_117350.nasl - Type: ACT_GATHER_INFO
2006-02-19 Name: The remote host is missing Sun Security Patch number 117351-61
File: solaris8_x86_117351.nasl - Type: ACT_GATHER_INFO
2005-10-05 Name: The remote host is missing Sun Security Patch number 118558-39
File: solaris9_118558.nasl - Type: ACT_GATHER_INFO
2005-10-05 Name: The remote host is missing Sun Security Patch number 118559-39
File: solaris9_x86_118559.nasl - Type: ACT_GATHER_INFO
2004-07-12 Name: The remote host is missing Sun Security Patch number 108975-10
File: solaris8_108975.nasl - Type: ACT_GATHER_INFO
2004-07-12 Name: The remote host is missing Sun Security Patch number 109328-07
File: solaris8_109328.nasl - Type: ACT_GATHER_INFO
2004-07-12 Name: The remote host is missing Sun Security Patch number 108976-10
File: solaris8_x86_108976.nasl - Type: ACT_GATHER_INFO
2004-07-12 Name: The remote host is missing Sun Security Patch number 109329-07
File: solaris8_x86_109329.nasl - Type: ACT_GATHER_INFO