This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Sun First view 1997-03-01
Product Sunos Last view 2014-07-17
Version 5.8 Type Os
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:o:sun:sunos

Activity : Overall

Related : CVE

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
4 2014-07-17 CVE-2014-4239

Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11.1 allows remote authenticated users to affect confidentiality via unknown vectors related to Common Agent Container (Cacao).

4.9 2014-07-17 CVE-2014-4224

Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11.1 allows local users to affect availability via unknown vectors related to sockfs.

3.2 2014-01-15 CVE-2013-5883

Unspecified vulnerability in Oracle Solaris 8 allows local users to affect integrity and availability via unknown vectors related to Kernel.

6.2 2014-01-15 CVE-2013-5834

Unspecified vulnerability in Oracle Solaris 8 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to ps.

4.9 2014-01-15 CVE-2013-5833

Unspecified vulnerability in Oracle Solaris 8 and 9 allows local users to affect availability via unknown vectors related to Filesystem.

4.6 2014-01-15 CVE-2013-5821

Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11.1 allows local users to affect confidentiality, integrity, and availability via vectors related to RPC.

6.4 2013-07-17 CVE-2013-3757

Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 allows remote attackers to affect integrity and availability via vectors related to SMF/File Locking Services.

2.1 2013-07-17 CVE-2013-3745

Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 allows local users to affect availability via unknown vectors related to Libraries/Libc.

5 2013-07-17 CVE-2013-0398

Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 allows remote attackers to affect confidentiality via unknown vectors related to Utility/Remote Execution Server (in.rexecd).

3.6 2013-04-17 CVE-2013-0412

Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows local users to affect integrity and availability via unknown vectors related to Utility/pax.

5.9 2013-04-17 CVE-2013-0411

Unspecified vulnerability in Oracle Sun Solaris 8, 9, and 10 allows local users to affect confidentiality, integrity, and availability via vectors related to RBAC Configuration.

6.4 2013-04-17 CVE-2013-0405

Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows remote attackers to affect confidentiality and integrity via vectors related to NFS client mounts and IPv6.

1.9 2013-04-17 CVE-2013-0403

Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows local users to affect availability via unknown vectors related to Utility.

2.1 2013-04-17 CVE-2012-0570

Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows local users to affect availability via unknown vectors related to Libraries/Libc.

2.1 2013-04-17 CVE-2012-0568

Unspecified vulnerability in Oracle Sun Solaris 8, 9, and 10 allows local users to affect confidentiality via unknown vectors related to Utility/fdformat.

3.6 2012-10-16 CVE-2012-3165

Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows local users to affect confidentiality and integrity via unknown vectors related to mailx.

7.1 2012-07-17 CVE-2012-3125

Unspecified vulnerability in Oracle Sun Solaris 8, 9, and 10 allows remote attackers to affect availability, related to TCP/IP.

2.6 2012-07-17 CVE-2012-3122

Unspecified vulnerability in Oracle Sun Solaris 8 and 9 allows local users to affect confidentiality and integrity via unknown vectors related to sort.

7.8 2012-07-17 CVE-2012-3120

Unspecified vulnerability in Oracle Sun Solaris 8 allows remote attackers to affect availability, related to TCP/IP.

4.4 2012-07-17 CVE-2012-1750

Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to mailx.

7.2 2012-06-12 CVE-2012-0217

The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in Citrix XenServer 6.0.2 and earlier and other products; Oracle Solaris 11 and earlier; illumos before r13724; Joyent SmartOS before 20120614T184600Z; FreeBSD before 9.0-RELEASE-p3; NetBSD 6.0 Beta and earlier; Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1; and possibly other operating systems, when running on an Intel processor, incorrectly uses the sysret path in cases where a certain address is not a canonical address, which allows local users to gain privileges via a crafted application. NOTE: because this issue is due to incorrect use of the Intel specification, it should have been split into separate identifiers; however, there was some value in preserving the original mapping of the multi-codebase coordinated-disclosure effort to a single identifier.

4.3 2012-05-03 CVE-2012-1684

Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Password Policy.

5.9 2012-05-03 CVE-2012-1683

Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to gssd.

4.9 2012-05-03 CVE-2012-1681

Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows local users to affect availability via unknown vectors related to Kernel/sockfs.

6.2 2012-05-03 CVE-2012-0539

Unspecified vulnerability in Oracle Sun Solaris 8, 9, and 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to (1) bsmconv and (2) bsmunconv.

CWE : Common Weakness Enumeration

%idName
38% (8) CWE-264 Permissions, Privileges, and Access Controls
14% (3) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
9% (2) CWE-189 Numeric Errors
9% (2) CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path ...
4% (1) CWE-399 Resource Management Errors
4% (1) CWE-362 Race Condition
4% (1) CWE-255 Credentials Management
4% (1) CWE-200 Information Exposure
4% (1) CWE-134 Uncontrolled Format String
4% (1) CWE-16 Configuration

CAPEC : Common Attack Pattern Enumeration & Classification

id Name
CAPEC-2 Inducing Account Lockout
CAPEC-8 Buffer Overflow in an API Call
CAPEC-9 Buffer Overflow in Local Command-Line Utilities
CAPEC-10 Buffer Overflow via Environment Variables
CAPEC-14 Client-side Injection-induced Buffer Overflow
CAPEC-24 Filter Failure through Buffer Overflow
CAPEC-26 Leveraging Race Conditions
CAPEC-27 Leveraging Race Conditions via Symbolic Links
CAPEC-38 Leveraging/Manipulating Configuration File Search Paths
CAPEC-42 MIME Conversion
CAPEC-44 Overflow Binary Resource File
CAPEC-45 Buffer Overflow via Symbolic Links
CAPEC-46 Overflow Variables and Tags
CAPEC-47 Buffer Overflow via Parameter Expansion
CAPEC-58 Restful Privilege Elevation
CAPEC-67 String Format Overflow in syslog()
CAPEC-68 Subvert Code-signing Facilities
CAPEC-82 Violating Implicit Assumptions Regarding XML Content (aka XML Denial of Servi...
CAPEC-92 Forced Integer Overflow
CAPEC-100 Overflow Buffers
CAPEC-123 Buffer Attacks
CAPEC-128 Integer Attacks
CAPEC-147 XML Ping of Death
CAPEC-228 Resource Depletion through DTD Injection in a SOAP Message

SAINT Exploits

Description Link
SSH password weakness More info here
Samba call_trans2open buffer overflow More info here
Solaris loadable kernel module directory traversal More info here
System V login argument array buffer overflow More info here
snmpXdmid buffer overflow More info here

Open Source Vulnerability Database (OSVDB)

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
78427 Oracle Solaris Kernel Component Unspecified Local DoS (2012-0098)
78424 Oracle Solaris TCP/IP Component Unspecified Local Issue
78422 Oracle Solaris Network Component Unspecified Remote DoS
76467 Oracle Solaris LDAP Library Component Unspecified Remote Issue
73966 Oracle Solaris rksh Unspecified Local Issue
73965 Oracle Solaris Driver/USB Unspecified Local DoS
73963 Oracle Solaris UFS Unspecified Local DoS
73958 Oracle Solaris TCP/IP Unspecified Remote DoS
73955 Oracle Solaris fingerd Unspecified Remote DoS
71941 Oracle Solaris uucp Unspecified Local Issue
71939 Oracle Solaris Kernel Unspecified Local Unauthenticated DoS
71938 Oracle Solaris Kernel Unspecified Local Authenticated DoS
71936 Oracle Solaris Administration Utilities Unspecified Local Issue
71646 Oracle Solaris Backout File (undo.Z) Permissions Weakness Password Hash Local...
70569 CDE Calendar Manager Service Daemon / RPC Remote Code Execution
70550 Solaris libc Unspecified Local Issue
68527 NetBSD ftpd / sftpd Server Process GLOB_LIMIT Crafted Command Pattern Remote DoS
60514 Solaris LDAP Client Configuration Cache Daemon (ldap_cachemgr(1M)) Multiple U...
60454 dtterm Window Title Escape Sequence Arbitrary Command Execution
60301 Solaris vfs_getvfssw Function Traversal Arbitrary Kernel Module Loading Privi...
60237 Solaris on Sun Fire Environmental Monitoring Subsystem Volatile Property Mani...
60063 Solaris /dev/poll NULL Pointer Dereference Unspecified Local DoS
60003 Solaris Volume Manager Daemon (vold) Unspecified Local Overflow
59885 Solaris pkgadd Question Mark Handling File Permission Weakness Local Privileg...
59830 Solaris utmp_update Function Local Overflow

ExploitDB Exploits

id Description
25389 Multiple Vendor ICMP Message Handling DoS
25388 Multiple Vendor ICMP Implementation Malformed Path MTU DoS
25387 Multiple Vendor ICMP Implementation Spoofed Source Quench Packet DoS
24450 FreeBSD 9.1 ftpd Remote Denial of Service
23765 Sun Solaris 8/9 Unspecified Passwd Local Root Compromise Vulnerability
21180 Solaris/SPARC 2.5.1/2.6/7/8 Derived 'login' Buffer Overflow Vulnerability
16137 Multiple Vendor Calendar Manager Remote Code Execution
15215 Multiple Vendors libc/glob(3) Resource Exhaustion (+0day remote ftpd-anon)
5227 Solaris 8/9/10 - fifofs I_PEEK Local Kernel Memory Leak Exploit
1182 Solaris 2.6/7/8/9 (ld.so.1) Local Root Exploit (sparc)
948 Multiple OS (Win32/Aix/Cisco) - Crafted ICMP Messages DoS Exploit
716 Solaris 2.5.1/2.6/7/8 rlogin /bin/login - Buffer Overflow Exploit (SPARC)
715 Solaris 8/9 passwd circ() Local Root Exploit

OpenVAS Exploits

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2012-12-18 Name : Fedora Update for xen FEDORA-2012-19828
File : nvt/gb_fedora_2012_19828_xen_fc16.nasl
2012-12-14 Name : Fedora Update for xen FEDORA-2012-19717
File : nvt/gb_fedora_2012_19717_xen_fc17.nasl
2012-12-13 Name : SuSE Update for xen openSUSE-SU-2012:0886-1 (xen)
File : nvt/gb_suse_2012_0886_1.nasl
2012-11-23 Name : Fedora Update for xen FEDORA-2012-18242
File : nvt/gb_fedora_2012_18242_xen_fc17.nasl
2012-11-23 Name : Fedora Update for xen FEDORA-2012-18249
File : nvt/gb_fedora_2012_18249_xen_fc16.nasl
2012-11-15 Name : Fedora Update for xen FEDORA-2012-17204
File : nvt/gb_fedora_2012_17204_xen_fc17.nasl
2012-11-15 Name : Fedora Update for xen FEDORA-2012-17408
File : nvt/gb_fedora_2012_17408_xen_fc16.nasl
2012-09-22 Name : Fedora Update for xen FEDORA-2012-13434
File : nvt/gb_fedora_2012_13434_xen_fc17.nasl
2012-09-22 Name : Fedora Update for xen FEDORA-2012-13443
File : nvt/gb_fedora_2012_13443_xen_fc16.nasl
2012-08-30 Name : Fedora Update for xen FEDORA-2012-11182
File : nvt/gb_fedora_2012_11182_xen_fc17.nasl
2012-08-30 Name : Fedora Update for xen FEDORA-2012-11755
File : nvt/gb_fedora_2012_11755_xen_fc17.nasl
2012-08-30 Name : Fedora Update for xen FEDORA-2012-9386
File : nvt/gb_fedora_2012_9386_xen_fc17.nasl
2012-08-24 Name : Fedora Update for xen FEDORA-2012-11785
File : nvt/gb_fedora_2012_11785_xen_fc16.nasl
2012-08-10 Name : Debian Security Advisory DSA 2501-1 (xen)
File : nvt/deb_2501_1.nasl
2012-08-10 Name : Debian Security Advisory DSA 2508-1 (kfreebsd-8)
File : nvt/deb_2508_1.nasl
2012-08-10 Name : FreeBSD Ports: FreeBSD
File : nvt/freebsd_FreeBSD16.nasl
2012-08-06 Name : Fedora Update for xen FEDORA-2012-11190
File : nvt/gb_fedora_2012_11190_xen_fc16.nasl
2012-07-30 Name : CentOS Update for kernel CESA-2012:0721 centos5
File : nvt/gb_CESA-2012_0721_kernel_centos5.nasl
2012-06-28 Name : Fedora Update for xen FEDORA-2012-9399
File : nvt/gb_fedora_2012_9399_xen_fc16.nasl
2012-06-28 Name : Fedora Update for xen FEDORA-2012-9430
File : nvt/gb_fedora_2012_9430_xen_fc15.nasl
2012-06-15 Name : RedHat Update for kernel RHSA-2012:0721-01
File : nvt/gb_RHSA-2012_0721-01_kernel.nasl
2012-06-13 Name : Microsoft Windows Kernel Privilege Elevation Vulnerabilities (2711167)
File : nvt/secpod_ms12-042.nasl
2011-11-21 Name : Microsoft Windows Internet Protocol Validation Remote Code Execution Vulnerab...
File : nvt/secpod_ms_windows_ip_validation_code_exec_vuln.nasl
2011-09-27 Name : CDE ToolTalk RPC Database Server Multiple Vulnerabilities
File : nvt/secpod_tooltalk_rpc_database_server_mult_vuln.nasl
2011-08-19 Name : Mac OS X v10.6.8 Multiple Vulnerabilities (2011-004)
File : nvt/secpod_macosx_su11-004.nasl

Information Assurance Vulnerability Management (IAVM)

id Description
2014-A-0107 Multiple Vulnerabilities in Oracle & Sun Systems Products Suite
Severity: Category I - VMSKEY: V0053187
2014-A-0012 Multiple Vulnerabilities in Oracle & Sun Systems Product Suite
Severity: Category I - VMSKEY: V0043396
2013-A-0194 Multiple Vulnerabilities in Juniper Networks JUNOS
Severity: Category I - VMSKEY: V0040788
2011-B-0026 HP-UX Remote Code Execution Vulnerability
Severity: Category I - VMSKEY: V0026084
2008-T-0043 Multiple Sun Solaris snoop Vulnerabilities
Severity: Category II - VMSKEY: V0017141
2008-T-0029 Sun Solaris Unspecified Remote Denial of Service Vulnerability
Severity: Category II - VMSKEY: V0016060
2008-T-0022 Sun Solaris TCP Implementation SYN Flood Denial of Service
Severity: Category I - VMSKEY: V0016026
2008-T-0021 Sun Solaris Print Service Unspecified Remote Code Execution Vulnerability
Severity: Category I - VMSKEY: V0016018
2005-T-0043 Sun Solaris Management Console HTTP TRACE Information Disclosure Vulnerability
Severity: Category II - VMSKEY: V0011706

Snort® IPS/IDS

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
Date Description
2014-01-10 RCPT TO overflow
RuleID : 654-community - Type : SERVER-MAIL - Revision : 28
2014-01-10 RCPT TO overflow
RuleID : 654 - Type : SERVER-MAIL - Revision : 28
2014-01-10 portmap snmpXdmi request TCP
RuleID : 593-community - Type : PROTOCOL-RPC - Revision : 31
2014-01-10 portmap snmpXdmi request TCP
RuleID : 593 - Type : PROTOCOL-RPC - Revision : 31
2014-01-10 snmpXdmi overflow attempt TCP
RuleID : 569-community - Type : PROTOCOL-RPC - Revision : 25
2014-01-10 snmpXdmi overflow attempt TCP
RuleID : 569 - Type : PROTOCOL-RPC - Revision : 25
2014-01-10 Source Quench
RuleID : 477 - Type : ICMP - Revision : 6
2014-01-10 Destination Unreachable Fragmentation Needed and DF bit was set
RuleID : 396 - Type : PROTOCOL-ICMP - Revision : 12
2014-01-10 Oracle Solaris LPD overflow attempt
RuleID : 3527 - Type : OS-SOLARIS - Revision : 13
2014-01-10 login buffer non-evasive overflow attempt
RuleID : 3274-community - Type : PROTOCOL-TELNET - Revision : 14
2014-01-10 login buffer non-evasive overflow attempt
RuleID : 3274 - Type : PROTOCOL-TELNET - Revision : 14
2014-01-10 login buffer overflow attempt
RuleID : 3147-community - Type : PROTOCOL-TELNET - Revision : 15
2014-01-10 login buffer overflow attempt
RuleID : 3147 - Type : PROTOCOL-TELNET - Revision : 15
2014-01-10 Sendmail RCPT TO prescan too long addresses overflow
RuleID : 2270-community - Type : SERVER-MAIL - Revision : 18
2014-01-10 Sendmail RCPT TO prescan too long addresses overflow
RuleID : 2270 - Type : SERVER-MAIL - Revision : 18
2014-01-10 Sendmail RCPT TO prescan too many addresses overflow
RuleID : 2269-community - Type : SERVER-MAIL - Revision : 15
2014-01-10 Sendmail RCPT TO prescan too many addresses overflow
RuleID : 2269 - Type : SERVER-MAIL - Revision : 15
2014-01-10 Sendmail MAIL FROM prescan too long addresses overflow
RuleID : 2268-community - Type : SERVER-MAIL - Revision : 16
2014-01-10 Sendmail MAIL FROM prescan too long addresses overflow
RuleID : 2268 - Type : SERVER-MAIL - Revision : 16
2014-01-10 Sendmail MAIL FROM prescan too many addresses overflow
RuleID : 2267-community - Type : SERVER-MAIL - Revision : 15
2014-01-10 Sendmail MAIL FROM prescan too many addresses overflow
RuleID : 2267 - Type : SERVER-MAIL - Revision : 15
2014-01-10 Sendmail SOML FROM prescan too long addresses overflow
RuleID : 2266-community - Type : SERVER-MAIL - Revision : 16
2014-01-10 Sendmail SOML FROM prescan too long addresses overflow
RuleID : 2266 - Type : SERVER-MAIL - Revision : 16
2014-01-10 Sendmail SOML FROM prescan too many addresses overflow
RuleID : 2265-community - Type : SERVER-MAIL - Revision : 14
2014-01-10 Sendmail SOML FROM prescan too many addresses overflow
RuleID : 2265 - Type : SERVER-MAIL - Revision : 14

Nessus® Vulnerability Scanner

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2017-12-01 Name: The remote host has an account with a default password.
File: account_admin_QwestM0dem.nasl - Type: ACT_GATHER_INFO
2017-05-08 Name: The remote device is missing a vendor-supplied security patch.
File: f5_bigip_SOL23440942.nasl - Type: ACT_GATHER_INFO
2017-04-07 Name: The remote system can be accessed with a default administrator account.
File: account_admin_adminIWSS85.nasl - Type: ACT_GATHER_INFO
2017-04-07 Name: The remote system can be accessed with a default administrator account.
File: account_root_adminIWSS85.nasl - Type: ACT_GATHER_INFO
2016-11-10 Name: The remote system can be accessed with a default administrator account.
File: account_admin_Passw0rd.nasl - Type: ACT_GATHER_INFO
2016-10-28 Name: The remote system can be accessed with a default administrator account.
File: account_666666_666666.nasl - Type: ACT_GATHER_INFO
2016-10-28 Name: The remote system can be accessed with a default administrator account.
File: account_888888_888888.nasl - Type: ACT_GATHER_INFO
2016-10-28 Name: The remote host has an account with no password set.
File: account_admin.nasl - Type: ACT_GATHER_INFO
2016-10-28 Name: The remote system can be accessed with a default administrator account.
File: account_admin1_password.nasl - Type: ACT_GATHER_INFO
2016-10-28 Name: The remote system can be accessed with a default administrator account.
File: account_admin_1111.nasl - Type: ACT_GATHER_INFO
2016-10-28 Name: The remote system can be accessed with a default administrator account.
File: account_admin_1111111.nasl - Type: ACT_GATHER_INFO
2016-10-28 Name: The remote system can be accessed with a default administrator account.
File: account_admin_1234.nasl - Type: ACT_GATHER_INFO
2016-10-28 Name: The remote system can be accessed with a default administrator account.
File: account_admin_12345.nasl - Type: ACT_GATHER_INFO
2016-10-28 Name: The remote system can be accessed with a default administrator account.
File: account_admin_123456.nasl - Type: ACT_GATHER_INFO
2016-10-28 Name: The remote system can be accessed with a default administrator account.
File: account_admin_4321.nasl - Type: ACT_GATHER_INFO
2016-10-28 Name: The remote system can be accessed with a default administrator account.
File: account_admin_54321.nasl - Type: ACT_GATHER_INFO
2016-10-28 Name: The remote system can be accessed with a default administrator account.
File: account_admin_7ujMko0admin.nasl - Type: ACT_GATHER_INFO
2016-10-28 Name: The remote system can be accessed with a default administrator account.
File: account_admin_admin1234.nasl - Type: ACT_GATHER_INFO
2016-10-28 Name: The remote system can be accessed with a default administrator account.
File: account_admin_meinsm.nasl - Type: ACT_GATHER_INFO
2016-10-28 Name: The remote system can be accessed with a default administrator account.
File: account_admin_pass.nasl - Type: ACT_GATHER_INFO
2016-10-28 Name: The remote system can be accessed with a default administrator account.
File: account_admin_smcadmin.nasl - Type: ACT_GATHER_INFO
2016-10-28 Name: The remote system can be accessed with a default administrator account.
File: account_administrator_1234.nasl - Type: ACT_GATHER_INFO
2016-10-28 Name: The remote system can be accessed with a default administrator account.
File: account_administrator_meinsm.nasl - Type: ACT_GATHER_INFO
2016-10-28 Name: The remote host has an account with a default password.
File: account_guest_12345.nasl - Type: ACT_GATHER_INFO
2016-10-28 Name: The remote host has an account with a default password.
File: account_mother_fucker.nasl - Type: ACT_GATHER_INFO