CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

SUN » Solaris : Security Vulnerabilities (CVSS score between 2 and 2.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2009-4080 DoS 2009-11-29 2009-12-19
2.1
None Local Low Not required None None Partial
Multiple unspecified vulnerabilities in ldap_cachemgr (aka the LDAP client configuration cache daemon) in Sun Solaris 9 and 10, and OpenSolaris before snv_78, allow local users to cause a denial of service (daemon crash) via vectors involving multiple serviceSearchDescriptor attributes and a call to the getldap_lookup function, and unspecified other vectors.
2 CVE-2009-1276 200 +Info 2009-04-09 2009-08-11
2.1
None Local Low Not required Partial None None
XScreenSaver in Sun Solaris 10 and OpenSolaris before snv_109, and Solaris 8 and 9 with GNOME 2.0 or 2.0.2, allows physically proximate attackers to obtain sensitive information by reading popup windows, which are displayed even when the screen is locked, as demonstrated by Thunderbird new-mail notifications.
3 CVE-2008-5690 255 DoS 2008-12-19 2010-07-20
2.1
None Local Low Not required None None Partial
The Kerberos credential renewal feature in Sun Solaris 8, 9, and 10, and OpenSolaris build snv_01 through snv_104, allows local users to cause a denial of service (authentication failure) via unspecified vectors related to incorrect cache file permissions, and lack of credential storage by the store_cred function in pam_krb5.
4 CVE-2008-3426 DoS 2008-07-31 2008-09-10
2.1
None Local Low Not required None None Partial
Unspecified vulnerability in the Solaris Platform Information and Control Library daemon (picld) in Sun Solaris 8 through 10, and OpenSolaris builds snv_01 through snv_95, allows local users to cause a denial of service via unknown vectors that prevent operation of utilities such as prtdiag, prtpicl, and prtfru.
5 CVE-2007-3723 DoS 2007-07-12 2008-11-15
2.1
None Local Low Not required None None Partial
The process scheduler in the Sun Solaris kernel does not make use of the process statistics kept by the kernel and performs scheduling based upon CPU billing gathered from periodic process sampling ticks, which allows local users to cause a denial of service (CPU consumption), as described in "Secretly Monopolizing the CPU Without Superuser Privileges."
6 CVE-2007-0895 2007-02-12 2008-09-05
2.6
None Local High Not required None Partial Partial
Race condition in recursive directory deletion with the (1) -r or (2) -R option in rm in Solaris 8 through 10 before 20070208 allows local users to delete files and directories as the user running rm by moving a low-level directory to a higher level as it is being deleted, which causes rm to chdir to a ".." directory that is higher than expected, possibly up to the root file system, a related issue to CVE-2002-0435.
7 CVE-2006-5215 2006-10-10 2008-09-05
2.6
None Local High Not required Partial Partial None
The Xsession script, as used by X Display Manager (xdm) in NetBSD before 20060212, X.Org before 20060317, and Solaris 8 through 10 before 20061006, allows local users to overwrite arbitrary files, or read another user's Xsession errors file, via a symlink attack on a /tmp/xses-$USER file.
8 CVE-2006-4303 DoS 2006-08-22 2008-09-05
2.6
None Remote High Not required None None Partial
Race condition in (1) libnsl and (2) TLI/XTI API routines in Sun Solaris 10 allows remote attackers to cause a denial of service ("tight loop" and CPU consumption for listener applications) via unknown vectors related to TCP fusion (do_tcp_fusion).
9 CVE-2006-3825 Bypass 2006-07-25 2008-09-05
2.1
None Local Low Not required None Partial None
The IPv4 implementation in Sun Solaris 10 before 20060721 allows local users to select routes that differ from the routing table, possibly facilitating firewall bypass or unauthorized network communication.
10 CVE-2006-1782 2006-04-13 2008-09-05
2.1
None Local Low Not required Partial None None
Unspecified vulnerability in Solaris 8 and 9 allows local users to obtain the LDAP Directory Server root Distinguished Name (rootDN) password when a privileged user (1) runs idsconfig; or "insecurely" runs LDAP2 commands with the -w option, including (2) ldapadd, (3) ldapdelete, (4) ldapmodify, (5) ldapmodrdn, and (6) ldapsearch.
11 CVE-2006-1780 DoS 2006-04-13 2008-09-05
2.1
None Local Low Not required None None Partial
The Bourne shell (sh) in Solaris 8, 9, and 10 allows local users to cause a denial of service (sh crash) via an unspecified attack vector that causes sh processes to crash during creation of temporary files.
12 CVE-2006-1092 DoS 2006-03-09 2008-09-05
2.1
None Local Low Not required None None Partial
Unspecified vulnerability in the pagedata subsystem of the process file system (/proc) in Solaris 8 through 10 allows local users to cause a denial of service (system hang or panic) via unknown attack vectors that cause cause the kmem_oversize arena to allocate a large amount of system memory that does not get freed.
13 CVE-2006-0516 DoS 2006-02-02 2008-09-05
2.1
None Local Low Not required None None Partial
Unspecified vulnerability in the kernel processing in Solaris 10 64 bit platform, when running in 64-bit mode, allows local users to cause a denial of service (system panic) via unknown attack vectors.
14 CVE-2006-0227 2006-01-17 2008-09-05
2.6
None Local High Not required None Partial Partial
Multiple unspecified vulnerabilities in lpsched in Sun Solaris 8, 9, and 10 allow local users to delete arbitrary files or disable the LP print service via unknown attack vectors.
15 CVE-2005-4706 DoS 2005-12-31 2008-09-05
2.1
None Local Low Not required None None Partial
Unspecified vulnerability in the "privilege management" feature of Sun Solaris 10 allows local users to cause a denial of service (panic) via unknown vectors that trigger a null dereference in the secpolicy_fs_common function.
16 CVE-2005-4701 +Info 2005-12-31 2008-09-05
2.1
None Local Low Not required Partial None None
Unspecified vulnerability in Process File System (procfs) in Sun Solaris 10 allows local users to obtain sensitive information such as process working directories via unknown attack vectors, possibly pwdx.
17 CVE-2005-4133 2005-12-09 2008-09-05
2.1
None Local Low Not required Partial None None
Sun Update Connection in Sun Solaris 10, when configured to use a web proxy, allows local users to obtain the proxy authentication password via (1) an unspecified vector and (2) proxy log files.
18 CVE-2005-3250 DoS 2005-10-17 2013-07-20
2.1
None Local Low Not required None None Partial
Unknown vulnerability in Solaris 10 allows local users to cause a denial of service (panic) via unknown vectors related to the "/proc" filesystem, which trigger a null dereference.
19 CVE-2005-3238 DoS 2005-10-14 2008-09-05
2.1
None Local Low Not required None None Partial
Multiple unspecified vulnerabilities in Solaris 10 SCTP Socket Option Processing allows local users to cause a denial of service (panic) via unspecified attack vectors.
20 CVE-2005-3071 DoS 2005-09-27 2008-09-10
2.1
None Local Low Not required None None Partial
Unspecified vulnerability in Unix File System (UFS) on Solaris 8 and 9, when logging is enabled, allows local users to cause a denial of service ("soft hang") via certain write operations to UFS.
21 CVE-2005-3001 DoS 2005-09-20 2008-09-05
2.1
None Local Low Not required None None Partial
Unspecified vulnerability in the "tl" driver in Solaris 10 allows local users to cause a denial of service (panic) via unknown vectors.
22 CVE-2005-2032 2005-06-16 2008-09-05
2.1
None Local Low Not required None Partial None
Unknown vulnerability in lpadmin on Sun Solaris 7, 8, and 9 allows local users to overwrite arbitrary files.
23 CVE-2005-1518 DoS 2005-05-11 2008-09-05
2.1
None Local Low Not required None None Partial
Unknown vulnerability in Solaris 7 through 9, when using Federated Naming Services (FNS), autofs, and FNS X.500 configuration, allows local users to cause a denial of service (automountd crash) when "accessing" /xfn/_x500.
24 CVE-2004-1360 2004-02-27 2008-09-10
2.1
None Local Low Not required None Partial None
Unknown vulnerability in conv_fix in Sun Solaris 7 through 9, when invoked by conv_lpd, allows local users to overwrite arbitrary files.
25 CVE-2004-1356 DoS 2004-04-23 2008-09-10
2.1
None Local Low Not required None None Partial
Unknown vulnerability in the sendfilev function in Sun Solaris 8 and 9 allows local users to cause a denial of service (system panic) via unknown vectors.
26 CVE-2004-1355 DoS 2004-04-26 2008-09-10
2.1
None Local Low Not required None None Partial
Unknown vulnerability in the TCP/IP stack for Sun Solaris 8 and 9 allows local users to cause a denial of service (system panic) via unknown vectors.
27 CVE-2004-1349 2004-10-04 2008-09-10
2.1
None Local Low Not required Partial None None
gzip before 1.3 in Solaris 8, when called with the -f or -force flags, will change the permissions of files that are hard linked to the target files, which allows local users to view or modify these files.
28 CVE-2004-1346 DoS 2004-06-19 2008-09-10
2.1
None Local Low Not required None None Partial
The Sun Solaris Volume Manager (SVM) on Solaris 9 allows local users to cause a denial of service (kernel panic) via a malformed probe request to the SVM.
29 CVE-2004-0654 DoS 2004-08-06 2008-09-10
2.1
None Local Low Not required None None Partial
Unknown vulnerability in the Basic Security Module (BSM), when configured to audit either the Administrative (ad) or the System-Wide Administration (as) audit class in Solaris 7, 8, and 9, allows local users to cause a denial of service (kernel panic).
30 CVE-2004-0653 2004-08-06 2008-09-10
2.1
None Local Low Not required Partial None None
Solaris 9, when configured as a Kerberos client with patch 112908-12 or 115168-03 and using pam_krb5 as an "auth" module with the debug feature enabled, records passwords in plaintext, which could allow local users to gain other user's passwords by reading log files.
31 CVE-2004-0481 2005-02-23 2008-09-05
2.1
None Local Low Not required None Partial None
The logging feature in kcms_configure in the KCMS package on Solaris 8 and 9, and possibly other versions, allows local users to corrupt arbitrary files via a symlink attack on the KCS_ClogFile file.
32 CVE-2003-1077 DoS 2003-03-05 2008-09-10
2.1
None Local Low Not required None None Partial
Unknown vulnerability in UFS for Solaris 9 for SPARC, with logging enabled, allows local users to cause a denial of service (UFS file system hang).
33 CVE-2003-1072 DoS 2003-04-28 2008-09-10
2.1
None Local Low Not required None None Partial
Memory leak in lofiadm in Solaris 8 allows local users to cause a denial of service (kernel memory consumption).
34 CVE-2003-1071 2003-01-03 2008-09-10
2.1
None Local Low Not required None Partial None
rpc.walld (wall daemon) for Solaris 2.6 through 9 allows local users to send messages to logged on users that appear to come from arbitrary user IDs by closing stderr before executing wall, then supplying a spoofed from header.
35 CVE-2003-1065 DoS 2003-07-23 2008-09-05
2.1
None Local Low Not required None None Partial
Unknown vulnerability in patches 108993-14 through 108993-19 and 108994-14 through 108994-19 for Solaris 8 may allow local users to cause a denial of service (automountd crash).
36 CVE-2002-1589 DoS 2002-10-24 2008-09-10
2.1
None Local Low Not required None None Partial
Unknown vulnerability in Solaris 8, when the 0x02 bit (aka TEST, KMF_DEADBEEF, or deadbeef) is set in the kmem_flags kernel parameter, allows local users to cause a denial of service (system panic).
37 CVE-2002-1587 DoS 2002-12-04 2008-09-10
2.1
None Local Low Not required None None Partial
The libthread library (libthread.so.1) for Solaris 2.5.1 through 8 allows local users to cause a denial of service (hang) of an application that uses libthread by causing the application to wait for a certain mutex.
38 CVE-2002-1586 DoS 2002-12-03 2008-09-10
2.1
None Local Low Not required None None Partial
Solaris 2.5.1 through 9 allows local users to cause a denial of service (kernel panic) by setting the sd_struiowrq variable in the struioget function to null, which triggers a null dereference.
39 CVE-2001-1503 2001-12-31 2008-09-05
2.1
None Local Low Not required Partial None None
The finger daemon (in.fingerd) in Sun Solaris 2.5 through 8 and SunOS 5.5 through 5.8 allows remote attackers to list all accounts on a host by typing finger 'a b c d e f g h'@host.
40 CVE-2001-1066 2001-08-31 2008-09-05
2.1
None Local Low Not required None Partial None
ns6install installation script for Netscape 6.01 on Solaris, and other versions including 6.2.1 beta, allows local users to overwrite arbitrary files via a symlink attack.
41 CVE-1999-1587 1999-12-31 2008-09-05
2.1
None Local Low Not required Partial None None
/usr/ucb/ps in Sun Microsystems Solaris 8 and 9, and certain earlier releases, allows local users to view the environment variables and values of arbitrary processes via the -e option.
42 CVE-1999-1423 DoS 1997-06-26 2008-09-05
2.1
None Local Low Not required None None Partial
ping in Solaris 2.3 through 2.6 allows local users to cause a denial of service (crash) via a ping request to a multicast address through the loopback interface, e.g. via ping -i.
43 CVE-1999-1402 1997-05-17 2008-09-05
2.1
None Local Low Not required None Partial None
The access permissions for a UNIX domain socket are ignored in Solaris 2.x and SunOS 4.x, and other BSD-based operating systems before 4.4, which could allow local users to connect to the socket and possibly disrupt or control the operations of the program using that socket.
44 CVE-1999-1297 1998-07-15 2008-09-05
2.1
None Local Low Not required Partial None None
cmdtool in OpenWindows 3.0 and XView 3.0 in SunOS 4.1.4 and earlier allows attackers with physical access to the system to display unechoed characters (such as those from password prompts) via the L2/AGAIN key.
45 CVE-1999-1137 1993-10-01 2008-09-05
2.1
None Local Low Not required Partial None None
The permissions for the /dev/audio device on Solaris 2.2 and earlier, and SunOS 4.1.x, allow any local user to read from the device, which could be used by an attacker to monitor conversations happening near a machine that has a microphone.
46 CVE-1999-1118 DoS 1998-03-11 2008-09-05
2.1
None Local Low Not required None None Partial
ndd in Solaris 2.6 allows local users to cause a denial of service by modifying certain TCP/IP parameters.
47 CVE-1999-0860 1999-12-01 2008-09-09
2.1
None Local Low Not required Partial None None
Solaris chkperm allows local users to read files owned by bin via the VMSYS environmental variable and a symlink attack.
48 CVE-1999-0859 1999-12-01 2008-09-09
2.1
None Local Low Not required Partial None None
Solaris arp allows local users to read files via the -f parameter, which lists lines in the file that do not parse properly.
49 CVE-1999-0851 DoS 1999-11-10 2008-09-09
2.1
None Local Low Not required None None Partial
Denial of service in BIND named via naptr.
50 CVE-1999-0442 1999-01-07 2008-09-09
2.1
None Local Low Not required None Partial None
Solaris ff.core allows local users to modify files.
Total number of vulnerabilities : 53   Page : 1 (This Page)2
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.