This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Sun First view 1999-12-31
Product Solaris Last view 2009-08-07
Version 9.0 Type Os
Update *  
Edition sparc  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:o:sun:solaris

Activity : Overall

Related : CVE

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
4.9 2009-08-07 CVE-2009-2711

XScreenSaver in Sun Solaris 9 and 10, OpenSolaris before snv_120, and X11 6.4.1 for Solaris 8, when the Xorg or Xnewt server is used, allows physically proximate attackers to obtain sensitive information by reading popup windows, which are displayed even when the screen is locked, a different vulnerability than CVE-2009-1276.

4.9 2009-07-29 CVE-2009-2644

Race condition in the Solaris Auditing subsystem in Sun Solaris 9 and 10 and OpenSolaris before snv_121, when extended file attributes are used, allows local users to cause a denial of service (panic) via vectors related to "pathnames for invalid fds."

10 2009-05-26 CVE-2008-3870

Integer overflow in sadmind in Sun Solaris 8 and 9 allows remote attackers to execute arbitrary code via a crafted RPC request that triggers a heap-based buffer overflow, related to improper memory allocation.

10 2009-05-26 CVE-2008-3869

Heap-based buffer overflow in sadmind in Sun Solaris 8 and 9 allows remote attackers to execute arbitrary code via a crafted RPC request, related to improper decoding of request parameters.

7.2 2008-06-16 CVE-2008-2710

Integer signedness error in the ip_set_srcfilter function in the IP Multicast Filter in uts/common/inet/ip/ip_multi.c in the kernel in Sun Solaris 10 and OpenSolaris before snv_92 allows local users to execute arbitrary code in other Solaris Zones via an SIOCSIPMSFILTER IOCTL request with a large value of the imsf->imsf_numsrc field, which triggers an out-of-bounds write of kernel memory. NOTE: this was reported as an integer overflow, but the root cause involves the bypass of a signed comparison.

7.6 2007-11-29 CVE-2007-6180

Race condition in the Remote Procedure Call kernel module (rpcmod) in Sun Solaris 8 through 10 allows local users to cause a denial of service (NULL dereference and panic) via unspecified vectors.

4.9 2007-10-23 CVE-2007-5632

Multiple unspecified vulnerabilities in the kernel in Sun Solaris 8 through 10 allow local users to cause a denial of service (panic), related to the support for retrieval of kernel statistics, and possibly related to the sfmmu_mlspl_enter or sfmmu_mlist_enter functions.

7.8 2007-10-15 CVE-2007-5462

Unspecified vulnerability in the Sun Solaris RPC services library (librpcsvc) on Solaris 8 through 10 allows remote attackers to cause a denial of service (mountd crash) via unspecified packets to a server that exports many filesystems, and allows local users to cause a denial of service (automountd crash) via unspecified requests to mount filesystems from a server that exports many filesystems.

7.2 2007-10-11 CVE-2007-5365

Stack-based buffer overflow in the cons_options function in options.c in dhcpd in OpenBSD 4.0 through 4.2, and some other dhcpd implementations based on ISC dhcp-2, allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a DHCP request specifying a maximum message size smaller than the minimum IP MTU.

4.9 2007-09-27 CVE-2007-5132

Race condition in the kernel in Sun Solaris 8 through 10 allows local users to cause a denial of service (panic) via unspecified vectors related to "the handling of thread contexts."

4.7 2007-09-27 CVE-2007-5118

Unspecified vulnerability in the HID (Human Interface Device) class driver in Sun Solaris 8, 9, and 10 before 20070925 allows local users to cause a denial of service (panic) via unspecified vectors.

4.9 2007-09-06 CVE-2007-4732

Unspecified vulnerability in the strfreectty function in the Special File System (SPECFS) in Sun Solaris 8 through 10 allows local users to cause a denial of service (system panic), related to passing a NULL pointer to the pgsignal function.

4.9 2007-07-30 CVE-2007-4070

Unspecified vulnerability in Low Bandwidth X proxy (lbxproxy) on Sun Solaris 8 through 10 before 20070725 allows local users to read arbitrary files with root group ownership via unknown vectors.

7.2 2007-06-28 CVE-2007-3471

Buffer overflow in the dtsession Common Desktop Environment (CDE) Session Manager in Sun Solaris 8, 9, and 10 allows local users to execute arbitrary code via unspecified vectors.

4.9 2007-06-27 CVE-2007-3458

The libsldap library in Sun Solaris 8, 9, and 10 allows local users to cause a denial of service (Name Service Caching Daemon (nscd) crash) via unspecified vectors.

6.8 2007-06-19 CVE-2007-3283

GNOME XScreenSaver in Sun Solaris 8 and 9 before 20070417, when root is logged into the console, does not automatically lock the screen after a session has been inactive, which might allow physically proximate attackers to access the console.

7.8 2007-06-01 CVE-2007-2989

The libike library in Sun Solaris 9 before 20070529 contains a logic error related to a certain pointer, which allows remote attackers to cause a denial of service (in.iked daemon crash) by sending certain UDP packets with a source port different from 500. NOTE: this issue might overlap CVE-2006-2298.

7.8 2007-02-22 CVE-2006-7028

Single CPU Sun systems running Solaris 7, 8, or 9, such as Netra, allows remote attackers to cause a denial of service (console hang) via a flood of small TCP/IP packets. NOTE: this issue has not been replicated by third parties. In addition, the cause is unknown, although it might be related to "jabber" and generation of a large amount of interrupts within the console, or a hardware error.

2.6 2007-02-12 CVE-2007-0895

Race condition in recursive directory deletion with the (1) -r or (2) -R option in rm in Solaris 8 through 10 before 20070208 allows local users to delete files and directories as the user running rm by moving a low-level directory to a higher level as it is being deleted, which causes rm to chdir to a ".." directory that is higher than expected, possibly up to the root file system, a related issue to CVE-2002-0435.

6.9 2007-01-25 CVE-2007-0503

Unspecified vulnerability in kcms_calibrate in Sun Solaris 8 and 9 before 20071122 allows local users to execute arbitrary commands via unknown vectors.

7.2 2007-01-23 CVE-2007-0470

Multiple unspecified vulnerabilities in tip in Sun Solaris 8, 9, and 10 allow local users to gain uucp account privileges via unspecified vectors.

4.6 2007-01-19 CVE-2007-0393

Sun Solaris 9 does not properly verify the status of file descriptors before setuid execution, which allows local users to gain privileges by closing file descriptor 0, 1, or 2 and then invoking a setuid program, a variant of CVE-2002-0572.

7.8 2007-01-09 CVE-2007-0165

Unspecified vulnerability in libnsl in Sun Solaris 8 and 9 allows remote attackers to cause a denial of service (crash) via malformed RPC requests that trigger a crash in rpcbind.

6.6 2006-12-12 CVE-2006-6495

Stack-based buffer overflow in ld.so.1 in Sun Solaris 8, 9, and 10 allows local users to execute arbitrary code via large precision padding values in a format string specifier in the format parameter of the doprf function. NOTE: this issue normally does not cross privilege boundaries, except in cases of external introduction of malicious message files, or if it is leveraged with other vulnerabilities such as CVE-2006-6494.

6.6 2006-12-12 CVE-2006-6494

Directory traversal vulnerability in ld.so.1 in Sun Solaris 8, 9, and 10 allows local users to execute arbitrary code via a .. (dot dot) sequence in the LANG environment variable that points to a locale file containing attacker-controlled format string specifiers.

CWE : Common Weakness Enumeration

%idName
26% (4) CWE-362 Race Condition
13% (2) CWE-264 Permissions, Privileges, and Access Controls
13% (2) CWE-200 Information Exposure
13% (2) CWE-189 Numeric Errors
13% (2) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
13% (2) CWE-20 Improper Input Validation
6% (1) CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path ...

CAPEC : Common Attack Pattern Enumeration & Classification

id Name
CAPEC-8 Buffer Overflow in an API Call
CAPEC-9 Buffer Overflow in Local Command-Line Utilities
CAPEC-10 Buffer Overflow via Environment Variables
CAPEC-14 Client-side Injection-induced Buffer Overflow
CAPEC-24 Filter Failure through Buffer Overflow
CAPEC-26 Leveraging Race Conditions
CAPEC-27 Leveraging Race Conditions via Symbolic Links
CAPEC-29 Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions
CAPEC-38 Leveraging/Manipulating Configuration File Search Paths
CAPEC-42 MIME Conversion
CAPEC-44 Overflow Binary Resource File
CAPEC-45 Buffer Overflow via Symbolic Links
CAPEC-46 Overflow Variables and Tags
CAPEC-47 Buffer Overflow via Parameter Expansion
CAPEC-67 String Format Overflow in syslog()
CAPEC-92 Forced Integer Overflow
CAPEC-100 Overflow Buffers
CAPEC-123 Buffer Attacks
CAPEC-128 Integer Attacks

SAINT Exploits

Description Link
Samba call_trans2open buffer overflow More info here
Solaris loadable kernel module directory traversal More info here

Open Source Vulnerability Database (OSVDB)

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
60995 Solaris in.iked ISAKMP Protocol Unspecified Malformed Input Remote DoS (PROTOS)
60454 dtterm Window Title Escape Sequence Arbitrary Command Execution
60298 Solaris Multiple Patches Basic Security Module (BSM) Auditing Disablement
59830 Solaris utmp_update Function Local Overflow
56854 Solaris XScreenSaver (xscreensaver(1)) PopUp Window Information Disclosure
56607 Solaris Auditing Subsystem Extended File Attributes Race Condition Local DoS
54668 Solaris sadmind Crafted RPC Request Remote Overflow
54663 Solaris sadmind RPC Request Parameter Decoding Remote Overflow
48454 HP-UX libnsl rpcbind Malformed RPC Request Remote DoS
46193 Solaris Kernel SIOCSIPMSFILTER IOCTL Request IP Multicast Filter Local Privil...
45261 Solaris on Single-CPU Crafted TCP/IP Packet Saturation Remote DoS
41687 Multiple Vendor dhcpd options.c cons_options Function DHCP Request Remote Ove...
40821 Solaris Remote Procedure Call kernel Module (rpcmod) Unspecified Local Race C...
40814 Solaris RPC Services Library (librpcsvc(3LIB)) Unspecified Packet Handling Re...
38483 Solaris Kernel Statistics Retrieval Unspecified Local DoS
37712 Solaris Kernel Thread Context Handling Local DoS
37334 Solaris Human Interface Device (HID) Unspecified Local DoS
37323 Solaris Special File System (SPECFS) strfreectty Function Local DoS
36612 Solaris Low Bandwidth X Proxy (lbxproxy) Local Privileged File Access
36608 Solaris Common Desktop Environment (CDE) Session Manager dtsession Local Over...
36594 Solaris libsldap Unspecified Local nscd DoS
36586 Solaris GNOME Session xscreensaver Local Session Hijacking
36584 Solaris libike Library in.iked Unspecified Remote DoS
33548 Solaris SetUID File Descriptor Status Verification Failure
31880 Solaris rm Race Condition Arbitrary File Deletion

ExploitDB Exploits

id Description
25389 Multiple Vendor ICMP Message Handling DoS
25388 Multiple Vendor ICMP Implementation Malformed Path MTU DoS
25387 Multiple Vendor ICMP Implementation Spoofed Source Quench Packet DoS
23765 Sun Solaris 8/9 Unspecified Passwd Local Root Compromise Vulnerability
4601 Ubuntu 6.06 DHCPd bug Remote Denial of Service Exploit
2360 X11R6 <= 6.4 XKEYBOARD - Local Buffer Overflow Exploit (solaris/sparc)
1182 Solaris 2.6/7/8/9 (ld.so.1) Local Root Exploit (sparc)
948 Multiple OS (Win32/Aix/Cisco) - Crafted ICMP Messages DoS Exploit
715 Solaris 8/9 passwd circ() Local Root Exploit

OpenVAS Exploits

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2011-11-21 Name : Microsoft Windows Internet Protocol Validation Remote Code Execution Vulnerab...
File : nvt/secpod_ms_windows_ip_validation_code_exec_vuln.nasl
2011-09-27 Name : CDE ToolTalk RPC Database Server Multiple Vulnerabilities
File : nvt/secpod_tooltalk_rpc_database_server_mult_vuln.nasl
2009-10-13 Name : Solaris Update for sadmind 116453-03
File : nvt/gb_solaris_116453_03.nasl
2009-10-13 Name : Solaris Update for KCMS security fixes 114637-05
File : nvt/gb_solaris_114637_05.nasl
2009-10-13 Name : Solaris Update for KCMS 114636-05
File : nvt/gb_solaris_114636_05.nasl
2009-10-13 Name : Solaris Update for in.dhcpd libresolv and BIND9 114265-19
File : nvt/gb_solaris_114265_19.nasl
2009-10-13 Name : Solaris Update for in.dhcpd libresolv and BIND9 112837-20
File : nvt/gb_solaris_112837_20.nasl
2009-09-23 Name : Solaris Update for sadmind 116442-02
File : nvt/gb_solaris_116442_02.nasl
2009-09-23 Name : Solaris Update for sadmind 116454-03
File : nvt/gb_solaris_116454_03.nasl
2009-09-23 Name : Solaris Update for sadmind 116455-02
File : nvt/gb_solaris_116455_02.nasl
2009-06-03 Name : Solaris Update for CDE 1.5 113240-13
File : nvt/gb_solaris_113240_13.nasl
2009-06-03 Name : Solaris Update for kcms_server and kcms_configure 111401-04
File : nvt/gb_solaris_111401_04.nasl
2009-06-03 Name : Solaris Update for ufs and fsck 113073-14
File : nvt/gb_solaris_113073_14.nasl
2009-06-03 Name : Solaris Update for /usr/sbin/format 113072-08
File : nvt/gb_solaris_113072_08.nasl
2009-06-03 Name : Solaris Update for /usr/sbin/syslogd 112998-05
File : nvt/gb_solaris_112998_05.nasl
2009-06-03 Name : Solaris Update for krb5 lib 112922-02
File : nvt/gb_solaris_112922_02.nasl
2009-06-03 Name : Solaris Update for in.dhcpd libresolv and BIND9 112837-18
File : nvt/gb_solaris_112837_18.nasl
2009-06-03 Name : Solaris Update for Xview 111627-03
File : nvt/gb_solaris_111627_03.nasl
2009-06-03 Name : Solaris Update for OpenWindows 3.6.2 111626-04
File : nvt/gb_solaris_111626_04.nasl
2009-06-03 Name : Solaris Update for uucp 111571-04
File : nvt/gb_solaris_111571_04.nasl
2009-06-03 Name : Solaris Update for uucp 111570-04
File : nvt/gb_solaris_111570_04.nasl
2009-06-03 Name : Solaris Update for tip 111505-02
File : nvt/gb_solaris_111505_02.nasl
2009-06-03 Name : Solaris Update for tip 111504-02
File : nvt/gb_solaris_111504_02.nasl
2009-06-03 Name : Solaris Update for usr/lib/inet/in.dhcpd 138876-01
File : nvt/gb_solaris_138876_01.nasl
2009-06-03 Name : Solaris Update for dtsession 113241-13
File : nvt/gb_solaris_113241_13.nasl

Information Assurance Vulnerability Management (IAVM)

id Description
2014-A-0012 Multiple Vulnerabilities in Oracle & Sun Systems Product Suite
Severity: Category I - VMSKEY: V0043396
2009-T-0028 Multiple Buffer Overflow Vulnerabilities in Sun Solaris
Severity: Category II - VMSKEY: V0019230
2005-T-0043 Sun Solaris Management Console HTTP TRACE Information Disclosure Vulnerability
Severity: Category II - VMSKEY: V0011706

Snort® IPS/IDS

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
Date Description
2014-01-10 RCPT TO overflow
RuleID : 654-community - Type : SERVER-MAIL - Revision : 28
2014-01-10 RCPT TO overflow
RuleID : 654 - Type : SERVER-MAIL - Revision : 28
2014-01-10 Source Quench
RuleID : 477 - Type : ICMP - Revision : 6
2017-08-29 Sun Solaris dhcpd malformed bootp denial of service attempt
RuleID : 43752 - Type : SERVER-OTHER - Revision : 2
2014-01-10 RETR overflow attempt
RuleID : 2392-community - Type : PROTOCOL-FTP - Revision : 22
2014-01-10 RETR overflow attempt
RuleID : 2392 - Type : PROTOCOL-FTP - Revision : 22
2014-01-10 APPE overflow attempt
RuleID : 2391-community - Type : PROTOCOL-FTP - Revision : 17
2014-01-10 APPE overflow attempt
RuleID : 2391 - Type : PROTOCOL-FTP - Revision : 17
2014-01-10 STOU overflow attempt
RuleID : 2390-community - Type : PROTOCOL-FTP - Revision : 12
2014-01-10 STOU overflow attempt
RuleID : 2390 - Type : PROTOCOL-FTP - Revision : 12
2014-01-10 RNTO overflow attempt
RuleID : 2389-community - Type : PROTOCOL-FTP - Revision : 21
2014-01-10 RNTO overflow attempt
RuleID : 2389 - Type : PROTOCOL-FTP - Revision : 21
2014-01-10 Sendmail RCPT TO prescan too long addresses overflow
RuleID : 2270-community - Type : SERVER-MAIL - Revision : 18
2014-01-10 Sendmail RCPT TO prescan too long addresses overflow
RuleID : 2270 - Type : SERVER-MAIL - Revision : 18
2014-01-10 Sendmail RCPT TO prescan too many addresses overflow
RuleID : 2269-community - Type : SERVER-MAIL - Revision : 15
2014-01-10 Sendmail RCPT TO prescan too many addresses overflow
RuleID : 2269 - Type : SERVER-MAIL - Revision : 15
2014-01-10 Sendmail MAIL FROM prescan too long addresses overflow
RuleID : 2268-community - Type : SERVER-MAIL - Revision : 16
2014-01-10 Sendmail MAIL FROM prescan too long addresses overflow
RuleID : 2268 - Type : SERVER-MAIL - Revision : 16
2014-01-10 Sendmail MAIL FROM prescan too many addresses overflow
RuleID : 2267-community - Type : SERVER-MAIL - Revision : 15
2014-01-10 Sendmail MAIL FROM prescan too many addresses overflow
RuleID : 2267 - Type : SERVER-MAIL - Revision : 15
2014-01-10 Sendmail SOML FROM prescan too long addresses overflow
RuleID : 2266-community - Type : SERVER-MAIL - Revision : 16
2014-01-10 Sendmail SOML FROM prescan too long addresses overflow
RuleID : 2266 - Type : SERVER-MAIL - Revision : 16
2014-01-10 Sendmail SOML FROM prescan too many addresses overflow
RuleID : 2265-community - Type : SERVER-MAIL - Revision : 14
2014-01-10 Sendmail SOML FROM prescan too many addresses overflow
RuleID : 2265 - Type : SERVER-MAIL - Revision : 14
2014-01-10 Sendmail SAML FROM prescan too long addresses overflow
RuleID : 2264-community - Type : SERVER-MAIL - Revision : 16

Nessus® Vulnerability Scanner

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2017-05-08 Name: The remote device is missing a vendor-supplied security patch.
File: f5_bigip_SOL23440942.nasl - Type: ACT_GATHER_INFO
2015-09-18 Name: The remote device is missing a vendor-supplied security patch.
File: f5_bigip_SOL4583.nasl - Type: ACT_GATHER_INFO
2015-04-02 Name: The remote host is missing Sun security patch number 119059-46.
File: solaris10_119059_46.nasl - Type: ACT_GATHER_INFO
2015-04-02 Name: The remote host is missing Sun security patch number 119060-45.
File: solaris10_x86_119060_45.nasl - Type: ACT_GATHER_INFO
2014-01-27 Name: The remote host is missing Sun Security Patch number 150863-01
File: solaris8_150863.nasl - Type: ACT_GATHER_INFO
2014-01-27 Name: The remote host is missing Sun Security Patch number 113911-02
File: solaris9_113911.nasl - Type: ACT_GATHER_INFO
2012-09-06 Name: The remote Mandrake Linux host is missing a security update.
File: mandrake_MDKSA-2003-080.nasl - Type: ACT_GATHER_INFO
2010-09-01 Name: The remote device is missing a vendor-supplied security patch
File: cisco-sa-20050412-icmp.nasl - Type: ACT_GATHER_INFO
2009-04-23 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_f04cc5cb2d0b11d8beaf000a95c4d922.nasl - Type: ACT_GATHER_INFO
2008-10-01 Name: The remote HP-UX host is missing a security-related patch.
File: hpux_PHNE_36982.nasl - Type: ACT_GATHER_INFO
2008-10-01 Name: The remote HP-UX host is missing a security-related patch.
File: hpux_PHNE_37110.nasl - Type: ACT_GATHER_INFO
2007-11-10 Name: The remote Ubuntu host is missing a security-related patch.
File: ubuntu_USN-364-1.nasl - Type: ACT_GATHER_INFO
2007-11-10 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-531-1.nasl - Type: ACT_GATHER_INFO
2007-11-10 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-531-2.nasl - Type: ACT_GATHER_INFO
2007-11-06 Name: The remote Fedora host is missing a security update.
File: fedora_2007-1409.nasl - Type: ACT_GATHER_INFO
2007-10-25 Name: The remote Red Hat host is missing a security update.
File: redhat-RHSA-2007-0970.nasl - Type: ACT_GATHER_INFO
2007-10-19 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-1388.nasl - Type: ACT_GATHER_INFO
2007-10-17 Name: The remote host is missing Sun Security Patch number 127548-01
File: solaris8_127548.nasl - Type: ACT_GATHER_INFO
2007-10-17 Name: The remote host is missing Sun Security Patch number 127549-01
File: solaris8_x86_127549.nasl - Type: ACT_GATHER_INFO
2007-10-17 Name: The remote host is missing Sun Security Patch number 123396-01
File: solaris9_123396.nasl - Type: ACT_GATHER_INFO
2007-10-17 Name: The remote host is missing Sun Security Patch number 123397-01
File: solaris9_x86_123397.nasl - Type: ACT_GATHER_INFO
2007-10-12 Name: The remote host is missing Sun Security Patch number 115554-26
File: solaris9_x86_115554.nasl - Type: ACT_GATHER_INFO
2007-09-25 Name: The remote HP-UX host is missing a security-related patch.
File: hpux_PHNE_35483.nasl - Type: ACT_GATHER_INFO
2007-09-25 Name: The remote HP-UX host is missing a security-related patch.
File: hpux_PHNE_35484.nasl - Type: ACT_GATHER_INFO
2007-09-25 Name: The remote HP-UX host is missing a security-related patch.
File: hpux_PHNE_35485.nasl - Type: ACT_GATHER_INFO