This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Sun First view 1989-07-26
Product Sunos Last view 2012-06-12
Version - Type Os
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:o:sun:sunos

Activity : Overall

Related : CVE

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
7.2 2012-06-12 CVE-2012-0217

The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in Citrix XenServer 6.0.2 and earlier and other products; Oracle Solaris 11 and earlier; illumos before r13724; Joyent SmartOS before 20120614T184600Z; FreeBSD before 9.0-RELEASE-p3; NetBSD 6.0 Beta and earlier; Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1; and possibly other operating systems, when running on an Intel processor, incorrectly uses the sysret path in cases where a certain address is not a canonical address, which allows local users to gain privileges via a crafted application. NOTE: because this issue is due to incorrect use of the Intel specification, it should have been split into separate identifiers; however, there was some value in preserving the original mapping of the multi-codebase coordinated-disclosure effort to a single identifier.

7.2 2008-06-16 CVE-2008-2710

Integer signedness error in the ip_set_srcfilter function in the IP Multicast Filter in uts/common/inet/ip/ip_multi.c in the kernel in Sun Solaris 10 and OpenSolaris before snv_92 allows local users to execute arbitrary code in other Solaris Zones via an SIOCSIPMSFILTER IOCTL request with a large value of the imsf->imsf_numsrc field, which triggers an out-of-bounds write of kernel memory. NOTE: this was reported as an integer overflow, but the root cause involves the bypass of a signed comparison.

3.6 2005-12-31 CVE-2005-4796

Unspecified vulnerability in the XView library (libxview.so) in Solaris 2.5 to 10 allows local users to corrupt files via unknown vectors related to the handling of the clipboard selection while an XView application exits.

7.2 2004-12-31 CVE-2004-2686

Directory traversal vulnerability in the vfs_getvfssw function in Solaris 2.6, 7, 8, and 9 allows local users to load arbitrary kernel modules via crafted (1) mount or (2) sysfs system calls. NOTE: this might be the same issue as CVE-2004-1767, but there are insufficient details to be sure.

4.6 2004-03-04 CVE-2004-1359

Multiple buffer overflows in uucp for Sun Solaris 2.6, 7, 8, and 9 allow local users to execute arbitrary code as the uucp user.

7.2 2004-01-05 CVE-2003-0999

Unknown multiple vulnerabilities in (1) lpstat and (2) the libprint library in Solaris 2.6 through 9 may allow attackers to execute arbitrary code or read or write arbitrary files.

7.2 2003-12-31 CVE-2003-1082

Buffer overflow in utmp_update for Solaris 2.6 through 9 allows local users to gain root privileges, as identified by Sun BugID 4705891, a different vulnerability than CVE-2003-1068.

1.2 2003-12-31 CVE-2003-1073

A race condition in the at command for Solaris 2.6 through 9 allows local users to delete arbitrary files via the -r argument with .. (dot dot) sequences in the job name, then modifying the directory structure after at checks permissions to delete the file and before the deletion actually takes place.

5 2003-12-31 CVE-2003-1066

Buffer overflow in the syslog daemon for Solaris 2.6 through 9 allows remote attackers to cause a denial of service (syslogd crash) and possibly execute arbitrary code via long syslog UDP packets.

7.2 2003-12-11 CVE-2003-1056

The ed editor for Sun Solaris 2.6, 7, and 8 allows local users to create or overwrite arbitrary files via a symlink attack on temporary files.

7.2 2003-12-08 CVE-2003-1057

Unknown vulnerability in CDE Print Viewer (dtprintinfo) for Sun Solaris 2.6 through 9 may allow local users to execute arbitrary code.

3.7 2003-12-03 CVE-2003-1058

The Xsun server for Sun Solaris 2.6 through 9, when running in Direct Graphics Access (DGA) mode, allows local users to cause a denial of service (Xsun crash) or to create or overwrite arbitrary files on the system, probably via a symlink attack on temporary server files.

1.2 2003-10-14 CVE-2003-1061

Race condition in Solaris 2.6 through 9 allows local users to cause a denial of service (kernel panic), as demonstrated via the namefs function, pipe, and certain STREAMS routines.

10 2003-10-06 CVE-2003-0694

The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks, as demonstrated using the parseaddr function in parseaddr.c.

1.2 2003-08-27 CVE-2003-0669

Unknown vulnerability in Solaris 2.6 through 9 causes a denial of service (system panic) via "a rare race condition" or an attack by local users.

7.2 2003-08-27 CVE-2003-0609

Stack-based buffer overflow in the runtime linker, ld.so.1, on Solaris 2.6 through 9 allows local users to gain root privileges via a long LD_PRELOAD environment variable.

7.5 2003-08-20 CVE-2003-1063

The patches (1) 105693-13, (2) 108800-02, (3) 105694-13, and (4) 108801-02 for cachefs on Solaris 2.6 and 7 overwrite the inetd.conf file, which may silently reenable services and allow remote attackers to bypass the intended security policy.

7.2 2003-06-19 CVE-2003-1067

Multiple buffer overflows in the (1) dbm_open function, as used in ndbm and dbm, and the (2) dbminit function in Solaris 2.6 through 9 allow local users to gain root privileges via long arguments to Xsun or other programs that use these functions.

7.2 2003-06-06 CVE-2003-1068

Buffer overflow in utmp_update for Solaris 2.6 through 9 allows local users to gain root privileges, as identified by Sun BugID 4659277, a different vulnerability than CVE-2003-1082.

5 2003-06-03 CVE-2003-1069

The Telnet daemon (in.telnetd) for Solaris 2.6 through 9 allows remote attackers to cause a denial of service (CPU consumption by infinite loop).

10 2003-05-05 CVE-2003-0201

Buffer overflow in the call_trans2open function in trans2.c for Samba 2.2.x before 2.2.8a, 2.0.10 and earlier 2.0.x versions, and Samba-TNG before 0.3.2, allows remote attackers to execute arbitrary code.

10 2003-05-05 CVE-2003-0196

Multiple buffer overflows in Samba before 2.2.8a may allow remote attackers to execute arbitrary code or cause a denial of service, as discovered by the Samba team and a different vulnerability than CVE-2003-0201.

5 2003-04-28 CVE-2003-1070

Unknown vulnerability in rpcbind for Solaris 2.6 through 9 allows remote attackers to cause a denial of service (rpcbind crash).

10 2003-04-02 CVE-2003-0161

The prescan() function in the address parser (parseaddr.c) in Sendmail before 8.12.9 does not properly handle certain conversions from char and int types, which can cause a length check to be disabled when Sendmail misinterprets an input value as a special "NOCHAR" control value, allowing attackers to cause a denial of service and possibly execute arbitrary code via a buffer overflow attack using messages, a different vulnerability than CVE-2002-1337.

7.5 2003-03-25 CVE-2003-0028

Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived from SunRPC, including libnsl, libc, glibc, and dietlibc, allows remote attackers to execute arbitrary code via certain integer values in length fields, a different vulnerability than CVE-2002-0391.

CWE : Common Weakness Enumeration

%idName
25% (1) CWE-189 Numeric Errors
25% (1) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
25% (1) CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path ...
25% (1) CWE-16 Configuration

CAPEC : Common Attack Pattern Enumeration & Classification

id Name
CAPEC-8 Buffer Overflow in an API Call
CAPEC-9 Buffer Overflow in Local Command-Line Utilities
CAPEC-10 Buffer Overflow via Environment Variables
CAPEC-14 Client-side Injection-induced Buffer Overflow
CAPEC-24 Filter Failure through Buffer Overflow
CAPEC-38 Leveraging/Manipulating Configuration File Search Paths
CAPEC-42 MIME Conversion
CAPEC-44 Overflow Binary Resource File
CAPEC-45 Buffer Overflow via Symbolic Links
CAPEC-46 Overflow Variables and Tags
CAPEC-47 Buffer Overflow via Parameter Expansion
CAPEC-67 String Format Overflow in syslog()
CAPEC-92 Forced Integer Overflow
CAPEC-100 Overflow Buffers
CAPEC-123 Buffer Attacks

SAINT Exploits

Description Link
cachefsd heap overflow More info here
Samba call_trans2open buffer overflow More info here
System V login argument array buffer overflow More info here
snmpXdmid buffer overflow More info here

Open Source Vulnerability Database (OSVDB)

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
60454 dtterm Window Title Escape Sequence Arbitrary Command Execution
60301 Solaris vfs_getvfssw Function Traversal Arbitrary Kernel Module Loading Privi...
60103 Solaris Serial Console Terminal Unspecified Local Information Disclosure
60003 Solaris Volume Manager Daemon (vold) Unspecified Local Overflow
59830 Solaris utmp_update Function Local Overflow
46193 Solaris Kernel SIOCSIPMSFILTER IOCTL Request IP Multicast Filter Local Privil...
18809 Solaris XView Text Clipboard Arbitrary File Corruption
16574 NcFTP Server Response Traversal Arbitrary File Write
16005 Solaris ndbm Multiple Function Local Overflow
16004 Solaris dbm Multiple Function Local Overflow
15146 Solaris FTP Client Debug (-d) Flag Password Disclosure
15145 Solaris UDP RPC Malformed RPC Call Remote DoS
15143 Solaris in.ftpd Unspecified Remote DoS
15142 Solaris at -r Argument Race Condition Arbitrary File Deletion
15141 Solaris rpc.walld Local Message Spoofing
15140 Solaris fs.auto XFS Font Server Crafted XFS Query Remote Overflow
15136 Solaris rpcbind Unspecified Remote DoS
15134 Solaris in.telnetd Infinite Loop Remote DoS
15132 Solaris Multiple cachefs Patches inetd.conf Overwrite Restriction Failure
15131 Solaris in.lpd Crafted Job Request Arbitrary Remote Command Execution
15129 Solaris Kernel Multiple Function Race Condition DoS
14893 Solaris Null sd_struiowrq Variable Local DoS
14872 Solaris libthread.so.1 Library Local DoS
14848 Multiple Unix Vendor RPC AUTH_DES Unspecified Remote Privilege Escalation
14820 Solaris Basic Security Module Anonymous FTP Logging Failure

ExploitDB Exploits

id Description
21180 Solaris/SPARC 2.5.1/2.6/7/8 Derived 'login' Buffer Overflow Vulnerability
1182 Solaris 2.6/7/8/9 (ld.so.1) Local Root Exploit (sparc)
716 Solaris 2.5.1/2.6/7/8 rlogin /bin/login - Buffer Overflow Exploit (SPARC)

OpenVAS Exploits

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2012-12-18 Name : Fedora Update for xen FEDORA-2012-19828
File : nvt/gb_fedora_2012_19828_xen_fc16.nasl
2012-12-14 Name : Fedora Update for xen FEDORA-2012-19717
File : nvt/gb_fedora_2012_19717_xen_fc17.nasl
2012-12-13 Name : SuSE Update for xen openSUSE-SU-2012:0886-1 (xen)
File : nvt/gb_suse_2012_0886_1.nasl
2012-11-23 Name : Fedora Update for xen FEDORA-2012-18242
File : nvt/gb_fedora_2012_18242_xen_fc17.nasl
2012-11-23 Name : Fedora Update for xen FEDORA-2012-18249
File : nvt/gb_fedora_2012_18249_xen_fc16.nasl
2012-11-15 Name : Fedora Update for xen FEDORA-2012-17204
File : nvt/gb_fedora_2012_17204_xen_fc17.nasl
2012-11-15 Name : Fedora Update for xen FEDORA-2012-17408
File : nvt/gb_fedora_2012_17408_xen_fc16.nasl
2012-09-22 Name : Fedora Update for xen FEDORA-2012-13443
File : nvt/gb_fedora_2012_13443_xen_fc16.nasl
2012-09-22 Name : Fedora Update for xen FEDORA-2012-13434
File : nvt/gb_fedora_2012_13434_xen_fc17.nasl
2012-08-30 Name : Fedora Update for xen FEDORA-2012-9386
File : nvt/gb_fedora_2012_9386_xen_fc17.nasl
2012-08-30 Name : Fedora Update for xen FEDORA-2012-11182
File : nvt/gb_fedora_2012_11182_xen_fc17.nasl
2012-08-30 Name : Fedora Update for xen FEDORA-2012-11755
File : nvt/gb_fedora_2012_11755_xen_fc17.nasl
2012-08-24 Name : Fedora Update for xen FEDORA-2012-11785
File : nvt/gb_fedora_2012_11785_xen_fc16.nasl
2012-08-10 Name : Debian Security Advisory DSA 2508-1 (kfreebsd-8)
File : nvt/deb_2508_1.nasl
2012-08-10 Name : Debian Security Advisory DSA 2501-1 (xen)
File : nvt/deb_2501_1.nasl
2012-08-10 Name : FreeBSD Ports: FreeBSD
File : nvt/freebsd_FreeBSD16.nasl
2012-08-06 Name : Fedora Update for xen FEDORA-2012-11190
File : nvt/gb_fedora_2012_11190_xen_fc16.nasl
2012-07-30 Name : CentOS Update for kernel CESA-2012:0721 centos5
File : nvt/gb_CESA-2012_0721_kernel_centos5.nasl
2012-06-28 Name : Fedora Update for xen FEDORA-2012-9399
File : nvt/gb_fedora_2012_9399_xen_fc16.nasl
2012-06-28 Name : Fedora Update for xen FEDORA-2012-9430
File : nvt/gb_fedora_2012_9430_xen_fc15.nasl
2012-06-15 Name : RedHat Update for kernel RHSA-2012:0721-01
File : nvt/gb_RHSA-2012_0721-01_kernel.nasl
2012-06-13 Name : Microsoft Windows Kernel Privilege Elevation Vulnerabilities (2711167)
File : nvt/secpod_ms12-042.nasl
2009-06-03 Name : Solaris Update for krb5 lib 112922-02
File : nvt/gb_solaris_112922_02.nasl
2009-06-03 Name : Solaris Update for /usr/lib/netsvc/rwall/rpc.rwalld 112846-01
File : nvt/gb_solaris_112846_01.nasl
2009-06-03 Name : Solaris Update for Xview 111627-03
File : nvt/gb_solaris_111627_03.nasl

Information Assurance Vulnerability Management (IAVM)

id Description
2014-A-0012 Multiple Vulnerabilities in Oracle & Sun Systems Product Suite
Severity: Category I - VMSKEY: V0043396

Snort® IPS/IDS

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
Date Description
2014-01-10 RCPT TO overflow
RuleID : 654-community - Type : SERVER-MAIL - Revision : 28
2014-01-10 RCPT TO overflow
RuleID : 654 - Type : SERVER-MAIL - Revision : 28
2014-01-10 portmap snmpXdmi request TCP
RuleID : 593-community - Type : PROTOCOL-RPC - Revision : 31
2014-01-10 portmap snmpXdmi request TCP
RuleID : 593 - Type : PROTOCOL-RPC - Revision : 31
2014-01-10 portmap ttdbserv request UDP
RuleID : 588-community - Type : PROTOCOL-RPC - Revision : 27
2014-01-10 portmap ttdbserv request UDP
RuleID : 588 - Type : PROTOCOL-RPC - Revision : 27
2014-01-10 portmap amountd request UDP
RuleID : 576-community - Type : PROTOCOL-RPC - Revision : 17
2014-01-10 portmap amountd request UDP
RuleID : 576 - Type : PROTOCOL-RPC - Revision : 17
2014-01-10 DOS ttdbserv Solaris
RuleID : 572-community - Type : PROTOCOL-RPC - Revision : 14
2014-01-10 DOS ttdbserv Solaris
RuleID : 572 - Type : PROTOCOL-RPC - Revision : 14
2014-01-10 EXPLOIT ttdbserv Solaris overflow
RuleID : 571 - Type : RPC - Revision : 10
2014-01-10 EXPLOIT ttdbserv solaris overflow
RuleID : 570 - Type : RPC - Revision : 12
2014-01-10 snmpXdmi overflow attempt TCP
RuleID : 569-community - Type : PROTOCOL-RPC - Revision : 25
2014-01-10 snmpXdmi overflow attempt TCP
RuleID : 569 - Type : PROTOCOL-RPC - Revision : 25
2014-01-10 IRDP router selection
RuleID : 364-community - Type : PROTOCOL-ICMP - Revision : 11
2014-01-10 IRDP router selection
RuleID : 364 - Type : PROTOCOL-ICMP - Revision : 11
2014-01-10 IRDP router advertisement
RuleID : 363-community - Type : PROTOCOL-ICMP - Revision : 11
2014-01-10 IRDP router advertisement
RuleID : 363 - Type : PROTOCOL-ICMP - Revision : 11
2014-01-10 Oracle Solaris LPD overflow attempt
RuleID : 3527 - Type : OS-SOLARIS - Revision : 13
2014-01-10 login buffer non-evasive overflow attempt
RuleID : 3274-community - Type : PROTOCOL-TELNET - Revision : 14
2014-01-10 login buffer non-evasive overflow attempt
RuleID : 3274 - Type : PROTOCOL-TELNET - Revision : 14
2014-01-10 UDP inverse query overflow
RuleID : 3154-community - Type : PROTOCOL-DNS - Revision : 12
2014-01-10 UDP inverse query overflow
RuleID : 3154 - Type : PROTOCOL-DNS - Revision : 12
2014-01-10 TCP inverse query overflow
RuleID : 3153-community - Type : PROTOCOL-DNS - Revision : 9
2014-01-10 TCP inverse query overflow
RuleID : 3153 - Type : PROTOCOL-DNS - Revision : 9

Nessus® Vulnerability Scanner

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2014-11-26 Name: The remote OracleVM host is missing one or more security updates.
File: oraclevm_OVMSA-2012-0022.nasl - Type: ACT_GATHER_INFO
2014-11-26 Name: The remote OracleVM host is missing one or more security updates.
File: oraclevm_OVMSA-2012-0021.nasl - Type: ACT_GATHER_INFO
2014-11-26 Name: The remote OracleVM host is missing one or more security updates.
File: oraclevm_OVMSA-2012-0020.nasl - Type: ACT_GATHER_INFO
2014-07-26 Name: The remote Solaris system is missing a security patch from CPU oct2012.
File: solaris_oct2012_SRU10_5.nasl - Type: ACT_GATHER_INFO
2014-06-13 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2012-404.nasl - Type: ACT_GATHER_INFO
2014-06-13 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2012-403.nasl - Type: ACT_GATHER_INFO
2014-01-27 Name: The remote host is missing Sun Security Patch number 113911-02
File: solaris9_113911.nasl - Type: ACT_GATHER_INFO
2014-01-27 Name: The remote host is missing Sun Security Patch number 150863-01
File: solaris8_150863.nasl - Type: ACT_GATHER_INFO
2013-09-28 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201309-24.nasl - Type: ACT_GATHER_INFO
2013-07-12 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2012-0721-1.nasl - Type: ACT_GATHER_INFO
2013-07-12 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2012-0721.nasl - Type: ACT_GATHER_INFO
2013-01-25 Name: The remote SuSE 11 host is missing one or more security updates.
File: suse_11_xen-201206-120606.nasl - Type: ACT_GATHER_INFO
2013-01-24 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2012-0720.nasl - Type: ACT_GATHER_INFO
2012-08-01 Name: The remote Scientific Linux host is missing one or more security updates.
File: sl_20120612_kernel_on_SL5_x.nasl - Type: ACT_GATHER_INFO
2012-07-23 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-2508.nasl - Type: ACT_GATHER_INFO
2012-06-29 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-2501.nasl - Type: ACT_GATHER_INFO
2012-06-28 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_aed44c4ec06711e1b5e0000c299b62e1.nasl - Type: ACT_GATHER_INFO
2012-06-26 Name: The remote Fedora host is missing a security update.
File: fedora_2012-9399.nasl - Type: ACT_GATHER_INFO
2012-06-26 Name: The remote Fedora host is missing a security update.
File: fedora_2012-9430.nasl - Type: ACT_GATHER_INFO
2012-06-26 Name: The remote Fedora host is missing a security update.
File: fedora_2012-9386.nasl - Type: ACT_GATHER_INFO
2012-06-14 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2012-0721.nasl - Type: ACT_GATHER_INFO
2012-06-13 Name: The Windows kernel is affected by multiple elevation of privilege vulnerabili...
File: smb_nt_ms12-042.nasl - Type: ACT_GATHER_INFO
2012-06-13 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2012-0721.nasl - Type: ACT_GATHER_INFO
2012-06-13 Name: The remote SuSE 10 host is missing a security-related patch.
File: suse_xen-201206-8180.nasl - Type: ACT_GATHER_INFO
2007-09-25 Name: The remote HP-UX host is missing a security-related patch.
File: hpux_PHNE_35485.nasl - Type: ACT_GATHER_INFO