This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Sun First view 1995-08-29
Product Sunos Last view 2012-06-12
Version 5.4 Type Os
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:o:sun:sunos

Activity : Overall

Related : CVE

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
7.2 2012-06-12 CVE-2012-0217

The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in Citrix XenServer 6.0.2 and earlier and other products; Oracle Solaris 11 and earlier; illumos before r13724; Joyent SmartOS before 20120614T184600Z; FreeBSD before 9.0-RELEASE-p3; NetBSD 6.0 Beta and earlier; Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1; and possibly other operating systems, when running on an Intel processor, incorrectly uses the sysret path in cases where a certain address is not a canonical address, which allows local users to gain privileges via a crafted application. NOTE: because this issue is due to incorrect use of the Intel specification, it should have been split into separate identifiers; however, there was some value in preserving the original mapping of the multi-codebase coordinated-disclosure effort to a single identifier.

7.2 2008-06-16 CVE-2008-2710

Integer signedness error in the ip_set_srcfilter function in the IP Multicast Filter in uts/common/inet/ip/ip_multi.c in the kernel in Sun Solaris 10 and OpenSolaris before snv_92 allows local users to execute arbitrary code in other Solaris Zones via an SIOCSIPMSFILTER IOCTL request with a large value of the imsf->imsf_numsrc field, which triggers an out-of-bounds write of kernel memory. NOTE: this was reported as an integer overflow, but the root cause involves the bypass of a signed comparison.

10 2003-04-02 CVE-2003-0161

The prescan() function in the address parser (parseaddr.c) in Sendmail before 8.12.9 does not properly handle certain conversions from char and int types, which can cause a length check to be disabled when Sendmail misinterprets an input value as a special "NOCHAR" control value, allowing attackers to cause a denial of service and possibly execute arbitrary code via a buffer overflow attack using messages, a different vulnerability than CVE-2002-1337.

10 2001-12-31 CVE-2001-1583

lpd daemon (in.lpd) in Solaris 8 and earlier allows remote attackers to execute arbitrary commands via a job request with a crafted control file that is not properly handled when lpd invokes a mail program. NOTE: this might be the same vulnerability as CVE-2000-1220.

10 2001-12-12 CVE-2001-0797

Buffer overflow in login in various System V based operating systems allows remote attackers to execute arbitrary commands via a large number of arguments through services such as telnet and rlogin.

7.2 2001-10-30 CVE-2001-0652

Heap overflow in xlock in Solaris 2.6 through 8 allows local users to gain root privileges via a long (1) XFILESEARCHPATH or (2) XUSERFILESEARCHPATH environmental variable.

4.6 2001-08-14 CVE-2001-0565

Buffer overflow in mailx in Solaris 8 and earlier allows a local attacker to gain additional privileges via a long '-F' command line option.

10 2001-08-14 CVE-2001-0554

Buffer overflow in BSD-based telnetd telnet daemon on various operating systems allows remote attackers to execute arbitrary commands via a set of options including AYT (Are You There), which is not properly handled by the telrcv function.

7.2 2001-07-02 CVE-2001-0422

Buffer overflow in Xsun in Solaris 8 and earlier allows local users to execute arbitrary commands via a long HOME environmental variable.

6.4 2001-07-02 CVE-2001-0421

FTP server in Solaris 8 and earlier allows local and remote attackers to cause a core dump in the root directory, possibly with world-readable permissions, by providing a valid username with an invalid password followed by a CWD ~ command, which could release sensitive information such as shadowed passwords, or fill the disk partition.

7.5 2001-06-22 CVE-2001-1328

Buffer overflow in ypbind daemon in Solaris 5.4 through 8 allows remote attackers to execute arbitrary code.

7.2 2001-06-18 CVE-2001-0401

Buffer overflow in tip in Solaris 8 and earlier allows local users to execute arbitrary commands via a long HOME environmental variable.

10 2001-06-18 CVE-2001-0249

Heap overflow in FTP daemon in Solaris 8 allows remote attackers to execute arbitrary commands by creating a long pathname and calling the LIST command, which uses glob to generate long strings.

7.2 2001-03-26 CVE-2001-0190

Buffer overflow in /usr/bin/cu in Solaris 2.8 and earlier, and possibly other operating systems, allows local users to gain privileges by executing cu with a long program name (arg0).

7.2 2001-03-12 CVE-2001-0124

Buffer overflow in exrecover in Solaris 2.6 and earlier possibly allows local users to gain privileges via a long command line argument.

7.2 2001-03-12 CVE-2001-0115

Buffer overflow in arp command in Solaris 7 and earlier allows local users to execute arbitrary commands via a long -f parameter.

10 2000-11-14 CVE-2000-0844

Some functions that implement the locale subsystem on Unix do not properly cleanse user-injected format strings, which allows local attackers to execute arbitrary commands via functions such as gettext and catopen.

7.2 2000-06-14 CVE-2000-0471

Buffer overflow in ufsrestore in Solaris 8 and earlier allows local users to gain root privileges via a long pathname.

7.2 2000-01-06 CVE-2000-0055

Buffer overflow in Solaris chkperm command allows local users to gain root access via a long -n option.

10 1999-12-09 CVE-1999-0974

Buffer overflow in Solaris snoop allows remote attackers to gain root privileges via GETQUOTA requests to the rpc.rquotad service.

10 1999-12-07 CVE-1999-0973

Buffer overflow in Solaris snoop program allows remote attackers to gain root privileges via a long domain name when snoop is running in verbose mode.

4.6 1999-09-22 CVE-1999-0786

The dynamic linker in Solaris allows a local user to create arbitrary files via the LD_PROFILE environmental variable and a symlink attack.

7.2 1999-09-13 CVE-1999-0691

Buffer overflow in the AddSuLog function of the CDE dtaction utility allows local users to gain root privileges via a long user name.

7.5 1999-09-13 CVE-1999-0687

The ToolTalk ttsession daemon uses weak RPC authentication, which allows a remote attacker to execute commands.

7.2 1999-08-09 CVE-1999-0674

The BSD profil system call allows a local user to modify the internal data space of a program via profiling and execve.

CWE : Common Weakness Enumeration

%idName
33% (1) CWE-264 Permissions, Privileges, and Access Controls
33% (1) CWE-189 Numeric Errors
33% (1) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer

CAPEC : Common Attack Pattern Enumeration & Classification

id Name
CAPEC-8 Buffer Overflow in an API Call
CAPEC-9 Buffer Overflow in Local Command-Line Utilities
CAPEC-10 Buffer Overflow via Environment Variables
CAPEC-14 Client-side Injection-induced Buffer Overflow
CAPEC-24 Filter Failure through Buffer Overflow
CAPEC-42 MIME Conversion
CAPEC-44 Overflow Binary Resource File
CAPEC-45 Buffer Overflow via Symbolic Links
CAPEC-46 Overflow Variables and Tags
CAPEC-47 Buffer Overflow via Parameter Expansion
CAPEC-67 String Format Overflow in syslog()
CAPEC-92 Forced Integer Overflow
CAPEC-100 Overflow Buffers
CAPEC-123 Buffer Attacks
CAPEC-219 XML Routing Detour Attacks

SAINT Exploits

Description Link
System V login argument array buffer overflow More info here

Open Source Vulnerability Database (OSVDB)

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
67346 Multiple Unix Vendor rpc.pcnfsd pr_init() Symlink Arbitrary File Permission M...
46193 Solaris Kernel SIOCSIPMSFILTER IOCTL Request IP Multicast Filter Local Privil...
15131 Solaris in.lpd Crafted Job Request Arbitrary Remote Command Execution
14794 Multiple Unix Vendor locale subsystem Multiple Function Format String
14788 IBM AIX FTP Client Pipe Character Arbitrary Command Execution
13635 Red Hat Linux su Failed Password Logging Weakness
11734 Multiple Unix rpc.statd Arbitrary File Creation/Deletion
11727 syslog Shared Libraries Remote Overflow
11724 Multiple Vendor rpc.nisd Long NIS+ Argument Remote Overflow
11723 expreserve Race Condition Arbitrary File Overwrite Privilege Escalation
11504 BNU UUCP Long Hostname Local Overflow
11492 Solaris OpenWindows sdtcm_convert Overflow
11454 Multiple Vendor Oversized ICMP Ping Packet DoS
9734 ISC BIND CNAME Record Zone Transfer DoS
9733 ISC BIND Malformed DNS Message DoS
8747 SunOS rpc.cmsd Remote Arbitrary File Overwrite Privilege Escalation
8727 Solaris rpcbind Non-standard Port Assignment Filter Bypass
8726 Solaris rlogin/FTP Trust Arbitrary Command Execution
8715 Multiple Vendor rdist errstring Local Overflow
8698 Solaris ypbind Remote Overflow
8684 Solaris FTP Forced Core Dump Information Disclosure
8682 Solaris tip HOME Environement Variable Local Overflow
8681 Solaris FTP Daemon LIST Glob Arbitrary Command Execution
8673 Solaris chkperm -n Option Local Overflow
8672 Solaris Unprivileged User Core Dump Privilege Escalation

ExploitDB Exploits

id Description
21180 Solaris/SPARC 2.5.1/2.6/7/8 Derived 'login' Buffer Overflow Vulnerability
716 Solaris 2.5.1/2.6/7/8 rlogin /bin/login - Buffer Overflow Exploit (SPARC)

OpenVAS Exploits

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2012-12-18 Name : Fedora Update for xen FEDORA-2012-19828
File : nvt/gb_fedora_2012_19828_xen_fc16.nasl
2012-12-14 Name : Fedora Update for xen FEDORA-2012-19717
File : nvt/gb_fedora_2012_19717_xen_fc17.nasl
2012-12-13 Name : SuSE Update for xen openSUSE-SU-2012:0886-1 (xen)
File : nvt/gb_suse_2012_0886_1.nasl
2012-11-23 Name : Fedora Update for xen FEDORA-2012-18249
File : nvt/gb_fedora_2012_18249_xen_fc16.nasl
2012-11-23 Name : Fedora Update for xen FEDORA-2012-18242
File : nvt/gb_fedora_2012_18242_xen_fc17.nasl
2012-11-15 Name : Fedora Update for xen FEDORA-2012-17408
File : nvt/gb_fedora_2012_17408_xen_fc16.nasl
2012-11-15 Name : Fedora Update for xen FEDORA-2012-17204
File : nvt/gb_fedora_2012_17204_xen_fc17.nasl
2012-09-22 Name : Fedora Update for xen FEDORA-2012-13434
File : nvt/gb_fedora_2012_13434_xen_fc17.nasl
2012-09-22 Name : Fedora Update for xen FEDORA-2012-13443
File : nvt/gb_fedora_2012_13443_xen_fc16.nasl
2012-08-30 Name : Fedora Update for xen FEDORA-2012-9386
File : nvt/gb_fedora_2012_9386_xen_fc17.nasl
2012-08-30 Name : Fedora Update for xen FEDORA-2012-11182
File : nvt/gb_fedora_2012_11182_xen_fc17.nasl
2012-08-30 Name : Fedora Update for xen FEDORA-2012-11755
File : nvt/gb_fedora_2012_11755_xen_fc17.nasl
2012-08-24 Name : Fedora Update for xen FEDORA-2012-11785
File : nvt/gb_fedora_2012_11785_xen_fc16.nasl
2012-08-10 Name : Debian Security Advisory DSA 2508-1 (kfreebsd-8)
File : nvt/deb_2508_1.nasl
2012-08-10 Name : FreeBSD Ports: FreeBSD
File : nvt/freebsd_FreeBSD16.nasl
2012-08-10 Name : Debian Security Advisory DSA 2501-1 (xen)
File : nvt/deb_2501_1.nasl
2012-08-06 Name : Fedora Update for xen FEDORA-2012-11190
File : nvt/gb_fedora_2012_11190_xen_fc16.nasl
2012-07-30 Name : CentOS Update for kernel CESA-2012:0721 centos5
File : nvt/gb_CESA-2012_0721_kernel_centos5.nasl
2012-06-28 Name : Fedora Update for xen FEDORA-2012-9399
File : nvt/gb_fedora_2012_9399_xen_fc16.nasl
2012-06-28 Name : Fedora Update for xen FEDORA-2012-9430
File : nvt/gb_fedora_2012_9430_xen_fc15.nasl
2012-06-15 Name : RedHat Update for kernel RHSA-2012:0721-01
File : nvt/gb_RHSA-2012_0721-01_kernel.nasl
2012-06-13 Name : Microsoft Windows Kernel Privilege Elevation Vulnerabilities (2711167)
File : nvt/secpod_ms12-042.nasl
2011-09-22 Name : Calendar Manager Service rpc.cmsd Service Detection
File : nvt/gb_cde_rpc_cmsd_service_detect.nasl
2009-06-03 Name : Solaris Update for /usr/bin/mailx 110957-02
File : nvt/gb_solaris_110957_02.nasl
2009-06-03 Name : Solaris Update for /usr/lib/netsvc/yp/ypbind 110322-02
File : nvt/gb_solaris_110322_02.nasl

Snort® IPS/IDS

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
Date Description
2014-01-10 portmap ttdbserv request UDP
RuleID : 588-community - Type : PROTOCOL-RPC - Revision : 27
2014-01-10 portmap ttdbserv request UDP
RuleID : 588 - Type : PROTOCOL-RPC - Revision : 27
2014-01-10 portmap pcnfsd request UDP
RuleID : 581-community - Type : PROTOCOL-RPC - Revision : 18
2014-01-10 portmap pcnfsd request UDP
RuleID : 581 - Type : PROTOCOL-RPC - Revision : 18
2014-01-10 portmap nisd request UDP
RuleID : 580-community - Type : PROTOCOL-RPC - Revision : 21
2014-01-10 portmap nisd request UDP
RuleID : 580 - Type : PROTOCOL-RPC - Revision : 21
2014-01-10 portmap amountd request UDP
RuleID : 576-community - Type : PROTOCOL-RPC - Revision : 17
2014-01-10 portmap amountd request UDP
RuleID : 576 - Type : PROTOCOL-RPC - Revision : 17
2014-01-10 DOS ttdbserv Solaris
RuleID : 572-community - Type : PROTOCOL-RPC - Revision : 14
2014-01-10 DOS ttdbserv Solaris
RuleID : 572 - Type : PROTOCOL-RPC - Revision : 14
2014-01-10 EXPLOIT ttdbserv Solaris overflow
RuleID : 571 - Type : RPC - Revision : 10
2014-01-10 EXPLOIT ttdbserv solaris overflow
RuleID : 570 - Type : RPC - Revision : 12
2014-01-10 Oracle Solaris LPD overflow attempt
RuleID : 3527 - Type : OS-SOLARIS - Revision : 13
2014-01-10 PORT bounce attempt
RuleID : 3441-community - Type : PROTOCOL-FTP - Revision : 13
2014-01-10 PORT bounce attempt
RuleID : 3441 - Type : PROTOCOL-FTP - Revision : 13
2014-01-10 login buffer non-evasive overflow attempt
RuleID : 3274-community - Type : PROTOCOL-TELNET - Revision : 14
2014-01-10 login buffer non-evasive overflow attempt
RuleID : 3274 - Type : PROTOCOL-TELNET - Revision : 14
2014-01-10 UDP inverse query overflow
RuleID : 3154-community - Type : PROTOCOL-DNS - Revision : 12
2014-01-10 UDP inverse query overflow
RuleID : 3154 - Type : PROTOCOL-DNS - Revision : 12
2014-01-10 TCP inverse query overflow
RuleID : 3153-community - Type : PROTOCOL-DNS - Revision : 9
2014-01-10 TCP inverse query overflow
RuleID : 3153 - Type : PROTOCOL-DNS - Revision : 9
2014-01-10 login buffer overflow attempt
RuleID : 3147-community - Type : PROTOCOL-TELNET - Revision : 15
2014-01-10 login buffer overflow attempt
RuleID : 3147 - Type : PROTOCOL-TELNET - Revision : 15
2014-01-10 Sendmail RCPT TO prescan too long addresses overflow
RuleID : 2270-community - Type : SERVER-MAIL - Revision : 18
2014-01-10 Sendmail RCPT TO prescan too long addresses overflow
RuleID : 2270 - Type : SERVER-MAIL - Revision : 18

Nessus® Vulnerability Scanner

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2014-11-26 Name: The remote OracleVM host is missing one or more security updates.
File: oraclevm_OVMSA-2012-0022.nasl - Type: ACT_GATHER_INFO
2014-11-26 Name: The remote OracleVM host is missing one or more security updates.
File: oraclevm_OVMSA-2012-0021.nasl - Type: ACT_GATHER_INFO
2014-11-26 Name: The remote OracleVM host is missing one or more security updates.
File: oraclevm_OVMSA-2012-0020.nasl - Type: ACT_GATHER_INFO
2014-07-26 Name: The remote Solaris system is missing a security patch from CPU oct2012.
File: solaris_oct2012_SRU10_5.nasl - Type: ACT_GATHER_INFO
2014-06-13 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2012-403.nasl - Type: ACT_GATHER_INFO
2014-06-13 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2012-404.nasl - Type: ACT_GATHER_INFO
2013-09-28 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201309-24.nasl - Type: ACT_GATHER_INFO
2013-07-12 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2012-0721.nasl - Type: ACT_GATHER_INFO
2013-07-12 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2012-0721-1.nasl - Type: ACT_GATHER_INFO
2013-01-25 Name: The remote SuSE 11 host is missing one or more security updates.
File: suse_11_xen-201206-120606.nasl - Type: ACT_GATHER_INFO
2013-01-24 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2012-0720.nasl - Type: ACT_GATHER_INFO
2012-08-01 Name: The remote Scientific Linux host is missing one or more security updates.
File: sl_20120612_kernel_on_SL5_x.nasl - Type: ACT_GATHER_INFO
2012-07-23 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-2508.nasl - Type: ACT_GATHER_INFO
2012-06-29 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-2501.nasl - Type: ACT_GATHER_INFO
2012-06-28 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_aed44c4ec06711e1b5e0000c299b62e1.nasl - Type: ACT_GATHER_INFO
2012-06-26 Name: The remote Fedora host is missing a security update.
File: fedora_2012-9386.nasl - Type: ACT_GATHER_INFO
2012-06-26 Name: The remote Fedora host is missing a security update.
File: fedora_2012-9399.nasl - Type: ACT_GATHER_INFO
2012-06-26 Name: The remote Fedora host is missing a security update.
File: fedora_2012-9430.nasl - Type: ACT_GATHER_INFO
2012-06-14 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2012-0721.nasl - Type: ACT_GATHER_INFO
2012-06-13 Name: The remote SuSE 10 host is missing a security-related patch.
File: suse_xen-201206-8180.nasl - Type: ACT_GATHER_INFO
2012-06-13 Name: The Windows kernel is affected by multiple elevation of privilege vulnerabili...
File: smb_nt_ms12-042.nasl - Type: ACT_GATHER_INFO
2012-06-13 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2012-0721.nasl - Type: ACT_GATHER_INFO
2007-09-25 Name: The remote HP-UX host is missing a security-related patch.
File: hpux_PHNE_35483.nasl - Type: ACT_GATHER_INFO
2007-09-25 Name: The remote HP-UX host is missing a security-related patch.
File: hpux_PHNE_35484.nasl - Type: ACT_GATHER_INFO
2007-05-25 Name: An ONC RPC portmapper is running on the remote host.
File: rpc_portmap_port32771.nasl - Type: ACT_GATHER_INFO