This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor: Sun
Product: Solaris
Version: 9.0
Update: x86_update_2
Edition: *
Language: *
Software Edition: *
Target Software: *
Target Hardware: *
Other: *
Type: Os
First view: 2002-12-11
Last view: 2008-06-16
 
CPE Product cpe:2.3:o:sun:solaris

Related : CVE

Score Date Alert Description
7.2 2008-06-16 CVE-2008-2710

Integer signedness error in the ip_set_srcfilter function in the IP Multicast Filter in uts/common/inet/ip/ip_multi.c in the kernel in Sun Solaris 10 and OpenSolaris before snv_92 allows local users to execute arbitrary code in other Solaris Zones via an SIOCSIPMSFILTER IOCTL request with a large value of the imsf->imsf_numsrc field, which triggers an out-of-bounds write of kernel memory. NOTE: this was reported as an integer overflow, but the root cause involves the bypass of a signed comparison.

2.6 2006-10-10 CVE-2006-5215

The Xsession script, as used by X Display Manager (xdm) in NetBSD before 20060212, X.Org before 20060317, and Solaris 8 through 10 before 20061006, allows local users to overwrite arbitrary files, or read another user's Xsession errors file, via a symlink attack on a /tmp/xses-$USER file.

6.6 2006-09-26 CVE-2006-5012

Unspecified vulnerability in Sun Solaris 8, 9, and 10 before 20060925 allows local users to cause a denial of service (disable syslog) and prevent security messages from being logged via unspecified vectors.

7.2 2006-08-23 CVE-2006-4319

Buffer overflow in the format command in Solaris 8, 9, and 10 allows local users with access to format (such as the "File System Management" RBAC profile) to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2006-4307.

5 2006-07-18 CVE-2006-3664

Unspecified vulnerability in NIS server on Sun Solaris 8, 9, and 10 allows local and remote attackers to cause a denial of service (ypserv hang) via unknown vectors.

5 2005-12-31 CVE-2005-4797

Directory traversal vulnerability in printd line printer daemon (lpd) in Solaris 7 through 10 allows remote attackers to delete arbitrary files via ".." sequences in an "Unlink data file" command.

5.6 2005-03-05 CVE-2005-0109

Hyper-Threading technology, as used in FreeBSD and other operating systems that are run on Intel Pentium and other processors, allows local users to use a malicious thread to create covert channels, monitor the execution of other threads, and obtain sensitive information such as cryptographic keys, via a timing attack on memory cache misses.

7.5 2004-12-21 CVE-2004-1307

Integer overflow in the TIFFFetchStripThing function in tif_dirread.c for libtiff 3.6.1 allows remote attackers to execute arbitrary code via a TIFF file with the STRIPOFFSETS flag and a large number of strips, which causes a zero byte buffer to be allocated and leads to a heap-based buffer overflow.

2.1 2004-08-06 CVE-2004-0654

Unknown vulnerability in the Basic Security Module (BSM), when configured to audit either the Administrative (ad) or the System-Wide Administration (as) audit class in Solaris 7, 8, and 9, allows local users to cause a denial of service (kernel panic).

5 2004-05-14 CVE-2004-1354

The Solaris Management Console (SMC) in Sun Solaris 8 and 9 generates different 404 error messages when a file does not exist versus when a file exists but is otherwise inaccessible, which could allow remote attackers to obtain sensitive information in conjunction with a directory traversal (..) attack.

10 2003-05-05 CVE-2003-0201

Buffer overflow in the call_trans2open function in trans2.c for Samba 2.2.x before 2.2.8a, 2.0.10 and earlier 2.0.x versions, and Samba-TNG before 0.3.2, allows remote attackers to execute arbitrary code.

10 2003-04-02 CVE-2003-0161

The prescan() function in the address parser (parseaddr.c) in Sendmail before 8.12.9 does not properly handle certain conversions from char and int types, which can cause a length check to be disabled when Sendmail misinterprets an input value as a special "NOCHAR" control value, allowing attackers to cause a denial of service and possibly execute arbitrary code via a buffer overflow attack using messages, a different vulnerability than CVE-2002-1337.

5 2003-02-07 CVE-2003-0027

Directory traversal vulnerability in Sun Kodak Color Management System (KCMS) library service daemon (kcms_server) allows remote attackers to read arbitrary files via the KCS_OPEN_PROFILE procedure.

7.5 2002-12-11 CVE-2002-1317

Buffer overflow in Dispatch() routine for XFS font server (fs.auto) on Solaris 2.5.1 through 9 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a certain XFS query.

CWE : Common Weakness Enumeration

% id Name
50% (1) CWE-189 Numeric Errors
50% (1) CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path ...

SAINT Exploits

Description
Samba call_trans2open buffer overflow

Open Source Vulnerability Database (OSVDB)

id Description
46193 Solaris Kernel SIOCSIPMSFILTER IOCTL Request IP Multicast Filter Local Privil...
29579 Multiple Vendor X Display Manager Xsession Script Symlink Arbitrary File Over...
29555 Solaris RBAC format Command Local Overflow
29153 Solaris syslog Local DoS
27320 Solaris ypserv Unspecified Remote DoS
18650 Solaris printd Arbitrary File Deletion
16440 Multiple Unix Vendor Hyper-Threading (HTT) Arbitrary Thread Process Informati...
15140 Solaris fs.auto XFS Font Server Crafted XFS Query Remote Overflow
12556 LibTIFF STRIPOFFSETS Flag TIFFFetchStripThing() Function Overflow
8294 Sendmail NOCHAR Control Value prescan Overflow
8201 Sun Kodak Color Management System (KCMS) kcms_server Arbitrary File Access
7240 Solaris Basic Security Module (BSM) Local DoS
6119 Solaris SMC Web Server File Enumeration
4469 Samba trans2.c call_trans2open() Function Overflow

OpenVAS Exploits

Date Description
2009-06-03 Name : Solaris Update for CDE 1.4 109931-10
File : nvt/gb_solaris_109931_10.nasl
2009-06-03 Name : Solaris Update for sdtimage 109932-10
File : nvt/gb_solaris_109932_10.nasl
2009-06-03 Name : Solaris Update for kcms_server and kcms_configure 111400-04
File : nvt/gb_solaris_111400_04.nasl
2009-06-03 Name : Solaris Update for /usr/sbin/format 113072-08
File : nvt/gb_solaris_113072_08.nasl
2009-06-03 Name : Solaris Update for CDE 1.5 114219-11
File : nvt/gb_solaris_114219_11.nasl
2009-06-03 Name : Solaris Update for sdtimage 114220-11
File : nvt/gb_solaris_114220_11.nasl
2009-06-03 Name : Solaris Update for format 114423-07
File : nvt/gb_solaris_114423_07.nasl
2008-09-04 Name : FreeBSD Security Advisory (FreeBSD-SA-05:09.htt.asc)
File : nvt/freebsdsa_htt.nasl
2008-01-17 Name : Debian Security Advisory DSA 278-1 (sendmail)
File : nvt/deb_278_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 278-2 (sendmail)
File : nvt/deb_278_2.nasl
2008-01-17 Name : Debian Security Advisory DSA 280-1 (samba)
File : nvt/deb_280_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 290-1 (sendmail-wide)
File : nvt/deb_290_1.nasl

Snort® IPS/IDS

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
Date Description
2014-01-10 Sendmail RCPT TO prescan too long addresses overflow
RuleID : 2270-community - Type : SERVER-MAIL - Revision : 18
2014-01-10 Sendmail RCPT TO prescan too long addresses overflow
RuleID : 2270 - Type : SERVER-MAIL - Revision : 18
2014-01-10 Sendmail MAIL FROM prescan too long addresses overflow
RuleID : 2268-community - Type : SERVER-MAIL - Revision : 16
2014-01-10 Sendmail MAIL FROM prescan too long addresses overflow
RuleID : 2268 - Type : SERVER-MAIL - Revision : 16
2014-01-10 Sendmail SOML FROM prescan too long addresses overflow
RuleID : 2266-community - Type : SERVER-MAIL - Revision : 16
2014-01-10 Sendmail SOML FROM prescan too long addresses overflow
RuleID : 2266 - Type : SERVER-MAIL - Revision : 16
2014-01-10 Sendmail SAML FROM prescan too long addresses overflow
RuleID : 2264-community - Type : SERVER-MAIL - Revision : 16
2014-01-10 Sendmail SAML FROM prescan too long addresses overflow
RuleID : 2264 - Type : SERVER-MAIL - Revision : 16
2014-01-10 Sendmail SEND FROM prescan too long addresses overflow
RuleID : 2262-community - Type : SERVER-MAIL - Revision : 16
2014-01-10 Sendmail SEND FROM prescan too long addresses overflow
RuleID : 2262 - Type : SERVER-MAIL - Revision : 16
2014-01-10 VRFY overflow attempt
RuleID : 2260-community - Type : SERVER-MAIL - Revision : 17
2014-01-10 VRFY overflow attempt
RuleID : 2260 - Type : SERVER-MAIL - Revision : 17
2014-01-10 EXPN overflow attempt
RuleID : 2259-community - Type : SERVER-MAIL - Revision : 17
2014-01-10 EXPN overflow attempt
RuleID : 2259 - Type : SERVER-MAIL - Revision : 17
2014-01-10 Sendmail Content-Transfer-Encoding overflow attempt
RuleID : 2183-community - Type : SERVER-MAIL - Revision : 16
2014-01-10 Sendmail Content-Transfer-Encoding overflow attempt
RuleID : 2183 - Type : SERVER-MAIL - Revision : 16
2014-01-10 SMB Trans2 OPEN2 unicode maximum param count overflow attempt
RuleID : 2103-community - Type : NETBIOS - Revision : 16
2014-01-10 SMB Trans2 OPEN2 unicode maximum param count overflow attempt
RuleID : 2103 - Type : NETBIOS - Revision : 16
2014-01-10 kcms_server directory traversal attempt
RuleID : 2007-community - Type : PROTOCOL-RPC - Revision : 16
2014-01-10 kcms_server directory traversal attempt
RuleID : 2007 - Type : PROTOCOL-RPC - Revision : 16
2014-01-10 portmap kcms_server request TCP
RuleID : 2006-community - Type : PROTOCOL-RPC - Revision : 18
2014-01-10 portmap kcms_server request TCP
RuleID : 2006 - Type : PROTOCOL-RPC - Revision : 18
2014-01-10 portmap kcms_server request UDP
RuleID : 2005-community - Type : PROTOCOL-RPC - Revision : 22
2014-01-10 portmap kcms_server request UDP
RuleID : 2005 - Type : PROTOCOL-RPC - Revision : 22
2014-01-10 xfs overflow attempt
RuleID : 1987-community - Type : SERVER-OTHER - Revision : 11

Nessus® Vulnerability Scanner

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
Date Description
2007-09-25 Name: The remote HP-UX host is missing a security-related patch.
File: hpux_PHNE_35483.nasl - Type: ACT_GATHER_INFO
2007-09-25 Name: The remote HP-UX host is missing a security-related patch.
File: hpux_PHNE_35484.nasl - Type: ACT_GATHER_INFO
2007-02-18 Name: The remote host is missing Sun Security Patch number 124831-01
File: solaris9_x86_124831.nasl - Type: ACT_GATHER_INFO
2007-02-18 Name: The remote host is missing Sun Security Patch number 124830-01
File: solaris9_124830.nasl - Type: ACT_GATHER_INFO
2007-01-08 Name: The remote host is missing Sun Security Patch number 124457-03
File: solaris10_124457.nasl - Type: ACT_GATHER_INFO
2006-12-18 Name: The remote host is missing Sun Security Patch number 124458-03
File: solaris10_x86_124458.nasl - Type: ACT_GATHER_INFO
2006-11-06 Name: The remote host is missing Sun Security Patch number 111844-04
File: solaris8_111844.nasl - Type: ACT_GATHER_INFO
2006-11-06 Name: The remote host is missing Sun Security Patch number 111845-04
File: solaris8_x86_111845.nasl - Type: ACT_GATHER_INFO
2006-08-21 Name: The remote host is missing Sun Security Patch number 114423-09
File: solaris9_x86_114423.nasl - Type: ACT_GATHER_INFO
2006-08-04 Name: The remote host is missing Sun Security Patch number 113072-08
File: solaris9_113072.nasl - Type: ACT_GATHER_INFO
2006-07-03 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2005-021.nasl - Type: ACT_GATHER_INFO
2006-07-03 Name: The remote host is missing Sun Security Patch number 118833-36
File: solaris10_118833.nasl - Type: ACT_GATHER_INFO
2006-07-03 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2005-800.nasl - Type: ACT_GATHER_INFO
2006-07-03 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2005-476.nasl - Type: ACT_GATHER_INFO
2006-02-19 Name: The remote host is missing Sun Security Patch number 117350-62
File: solaris8_117350.nasl - Type: ACT_GATHER_INFO
2006-02-19 Name: The remote host is missing Sun Security Patch number 117351-61
File: solaris8_x86_117351.nasl - Type: ACT_GATHER_INFO
2006-01-15 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-131-1.nasl - Type: ACT_GATHER_INFO
2005-10-19 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2005-800.nasl - Type: ACT_GATHER_INFO
2005-10-05 Name: The remote host is missing Sun Security Patch number 118559-39
File: solaris9_x86_118559.nasl - Type: ACT_GATHER_INFO
2005-10-05 Name: The remote host is missing Sun Security Patch number 118558-39
File: solaris9_118558.nasl - Type: ACT_GATHER_INFO
2005-07-01 Name: The remote Mandrake Linux host is missing one or more security updates.
File: mandrake_MDKSA-2005-111.nasl - Type: ACT_GATHER_INFO
2005-07-01 Name: The remote Mandrake Linux host is missing one or more security updates.
File: mandrake_MDKSA-2005-110.nasl - Type: ACT_GATHER_INFO
2005-06-08 Name: The remote Mandrake Linux host is missing one or more security updates.
File: mandrake_MDKSA-2005-096.nasl - Type: ACT_GATHER_INFO
2005-06-02 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2005-476.nasl - Type: ACT_GATHER_INFO
2005-05-03 Name: The remote host is missing a Mac OS X update that fixes a security issue.
File: macosx_SecUpd2005-005.nasl - Type: ACT_GATHER_INFO