SUN : Security Vulnerabilities, CVEs, CVSS score between 5 and 5.99

Denial of Service vulnerability in BIND 8 Releases via maliciously formatted DNS messages.

Teardrop IP denial of service.

Land IP denial of service.

Delete or create a file via rpc.statd, due to invalid information.

DNS cache poisoning via BIND, by predictable query IDs.

Sun's ftpd daemon can be subjected to a denial of service.

A later variation on the Teardrop IP denial of service attack, a.k.a. Teardrop-2.

Oversized ICMP ping packets can result in a denial of service, aka Ping o' Death.

NFS allows users to use a "cd .." command to access other directories besides the exported file system.

The SunView (SunTools) selection_svc facility allows remote users to read files.

Extra long export lists over 256 characters in some mount daemons allows NFS directories to be mounted by anyone.

Malicious option settings in UDP packets could force a reboot in SunOS 4.1.3 systems.

Denial of service through Solaris 2.5.1 telnet by sending ^D characters.

Jolt ICMP attack causes a denial of service in Windows 95 and Windows NT systems.

ICMP messages to broadcast addresses are allowed, allowing for a Smurf attack that can cause a denial of service.

Denial of service in Linux syslogd via a large number of connections.

Denial of service in BIND named via consuming more than "fdmax" file descriptors.

Denial of service in Solaris TCP streams driver via a malicious connection that causes the server to panic as a result of recursive calls to mutex_enter.

rpc.mountd on Linux, Ultrix, and possibly other operating systems, allows remote attackers to determine the existence of a file on the server by attempting to mount that file, which generates different error messages depending on whether the file exists or not.

rpc.pwdauthd in SunOS 4.1.1 and earlier does not properly prevent remote access to the daemon, which allows remote attackers to obtain sensitive system information.

Solaris dmispd dmi_cmd allows local users to fill up restricted disk space by adding files to the /var/dmi/db database.

StarOffice StarScheduler web server allows remote attackers to read arbitrary files via a .. (dot dot) attack.

The default configuration of Cobalt RaQ2 and RaQ3 as specified in access.conf allows remote attackers to view sensitive contents of a .htaccess file.

Qpopper 2.53 and 3.0 does not properly identify the \n string which identifies the end of message text, which allows a remote attacker to cause a denial of service or corrupt mailboxes via a message line that is 1023 characters long and ends in \n.

HotJava Browser 3.0 allows remote attackers to access the DOM of a web page by opening a javascript: URL in a named window.