| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2009-4080 |
|
|
DoS |
2009-11-29 |
2009-12-19 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
Multiple unspecified vulnerabilities in ldap_cachemgr (aka the LDAP client configuration cache daemon) in Sun Solaris 9 and 10, and OpenSolaris before snv_78, allow local users to cause a denial of service (daemon crash) via vectors involving multiple serviceSearchDescriptor attributes and a call to the getldap_lookup function, and unspecified other vectors. |
|
2 |
CVE-2009-1276 |
200 |
|
+Info |
2009-04-09 |
2009-08-11 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
XScreenSaver in Sun Solaris 10 and OpenSolaris before snv_109, and Solaris 8 and 9 with GNOME 2.0 or 2.0.2, allows physically proximate attackers to obtain sensitive information by reading popup windows, which are displayed even when the screen is locked, as demonstrated by Thunderbird new-mail notifications. |
|
3 |
CVE-2008-5690 |
255 |
|
DoS |
2008-12-19 |
2010-07-20 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
The Kerberos credential renewal feature in Sun Solaris 8, 9, and 10, and OpenSolaris build snv_01 through snv_104, allows local users to cause a denial of service (authentication failure) via unspecified vectors related to incorrect cache file permissions, and lack of credential storage by the store_cred function in pam_krb5. |
|
4 |
CVE-2008-3426 |
|
|
DoS |
2008-07-31 |
2008-09-10 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
Unspecified vulnerability in the Solaris Platform Information and Control Library daemon (picld) in Sun Solaris 8 through 10, and OpenSolaris builds snv_01 through snv_95, allows local users to cause a denial of service via unknown vectors that prevent operation of utilities such as prtdiag, prtpicl, and prtfru. |
|
5 |
CVE-2007-3723 |
|
|
DoS |
2007-07-12 |
2008-11-15 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
The process scheduler in the Sun Solaris kernel does not make use of the process statistics kept by the kernel and performs scheduling based upon CPU billing gathered from periodic process sampling ticks, which allows local users to cause a denial of service (CPU consumption), as described in "Secretly Monopolizing the CPU Without Superuser Privileges." |
|
6 |
CVE-2007-0895 |
|
|
|
2007-02-12 |
2008-09-05 |
2.6 |
None |
Local |
High |
Not required |
None |
Partial |
Partial |
|
Race condition in recursive directory deletion with the (1) -r or (2) -R option in rm in Solaris 8 through 10 before 20070208 allows local users to delete files and directories as the user running rm by moving a low-level directory to a higher level as it is being deleted, which causes rm to chdir to a ".." directory that is higher than expected, possibly up to the root file system, a related issue to CVE-2002-0435. |
|
7 |
CVE-2006-5215 |
|
|
|
2006-10-10 |
2008-09-05 |
2.6 |
None |
Local |
High |
Not required |
Partial |
Partial |
None |
|
The Xsession script, as used by X Display Manager (xdm) in NetBSD before 20060212, X.Org before 20060317, and Solaris 8 through 10 before 20061006, allows local users to overwrite arbitrary files, or read another user's Xsession errors file, via a symlink attack on a /tmp/xses-$USER file. |
|
8 |
CVE-2006-4303 |
|
|
DoS |
2006-08-22 |
2008-09-05 |
2.6 |
None |
Remote |
High |
Not required |
None |
None |
Partial |
|
Race condition in (1) libnsl and (2) TLI/XTI API routines in Sun Solaris 10 allows remote attackers to cause a denial of service ("tight loop" and CPU consumption for listener applications) via unknown vectors related to TCP fusion (do_tcp_fusion). |
|
9 |
CVE-2006-3825 |
|
|
Bypass |
2006-07-25 |
2008-09-05 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
The IPv4 implementation in Sun Solaris 10 before 20060721 allows local users to select routes that differ from the routing table, possibly facilitating firewall bypass or unauthorized network communication. |
|
10 |
CVE-2006-1782 |
|
|
|
2006-04-13 |
2008-09-05 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Unspecified vulnerability in Solaris 8 and 9 allows local users to obtain the LDAP Directory Server root Distinguished Name (rootDN) password when a privileged user (1) runs idsconfig; or "insecurely" runs LDAP2 commands with the -w option, including (2) ldapadd, (3) ldapdelete, (4) ldapmodify, (5) ldapmodrdn, and (6) ldapsearch. |
|
11 |
CVE-2006-1780 |
|
|
DoS |
2006-04-13 |
2008-09-05 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
The Bourne shell (sh) in Solaris 8, 9, and 10 allows local users to cause a denial of service (sh crash) via an unspecified attack vector that causes sh processes to crash during creation of temporary files. |
|
12 |
CVE-2006-1092 |
|
|
DoS |
2006-03-09 |
2008-09-05 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
Unspecified vulnerability in the pagedata subsystem of the process file system (/proc) in Solaris 8 through 10 allows local users to cause a denial of service (system hang or panic) via unknown attack vectors that cause cause the kmem_oversize arena to allocate a large amount of system memory that does not get freed. |
|
13 |
CVE-2006-0516 |
|
|
DoS |
2006-02-02 |
2008-09-05 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
Unspecified vulnerability in the kernel processing in Solaris 10 64 bit platform, when running in 64-bit mode, allows local users to cause a denial of service (system panic) via unknown attack vectors. |
|
14 |
CVE-2006-0227 |
|
|
|
2006-01-17 |
2008-09-05 |
2.6 |
None |
Local |
High |
Not required |
None |
Partial |
Partial |
|
Multiple unspecified vulnerabilities in lpsched in Sun Solaris 8, 9, and 10 allow local users to delete arbitrary files or disable the LP print service via unknown attack vectors. |
|
15 |
CVE-2005-4706 |
|
|
DoS |
2005-12-31 |
2008-09-05 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
Unspecified vulnerability in the "privilege management" feature of Sun Solaris 10 allows local users to cause a denial of service (panic) via unknown vectors that trigger a null dereference in the secpolicy_fs_common function. |
|
16 |
CVE-2005-4701 |
|
|
+Info |
2005-12-31 |
2008-09-05 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Unspecified vulnerability in Process File System (procfs) in Sun Solaris 10 allows local users to obtain sensitive information such as process working directories via unknown attack vectors, possibly pwdx. |
|
17 |
CVE-2005-4133 |
|
|
|
2005-12-09 |
2008-09-05 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Sun Update Connection in Sun Solaris 10, when configured to use a web proxy, allows local users to obtain the proxy authentication password via (1) an unspecified vector and (2) proxy log files. |
|
18 |
CVE-2005-3250 |
|
|
DoS |
2005-10-17 |
2008-09-05 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
Unknown vulnerability in Solaris 10 allows local users to cause a denial of service (panic) via unknown vectors related to the "/proc" filesystem, which trigger a null dereference. |
|
19 |
CVE-2005-3238 |
|
|
DoS |
2005-10-14 |
2008-09-05 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
Multiple unspecified vulnerabilities in Solaris 10 SCTP Socket Option Processing allows local users to cause a denial of service (panic) via unspecified attack vectors. |
|
20 |
CVE-2005-3071 |
|
|
DoS |
2005-09-27 |
2008-09-10 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
Unspecified vulnerability in Unix File System (UFS) on Solaris 8 and 9, when logging is enabled, allows local users to cause a denial of service ("soft hang") via certain write operations to UFS. |
|
21 |
CVE-2005-3001 |
|
|
DoS |
2005-09-20 |
2008-09-05 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
Unspecified vulnerability in the "tl" driver in Solaris 10 allows local users to cause a denial of service (panic) via unknown vectors. |
|
22 |
CVE-2005-2032 |
|
|
|
2005-06-16 |
2008-09-05 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
Unknown vulnerability in lpadmin on Sun Solaris 7, 8, and 9 allows local users to overwrite arbitrary files. |
|
23 |
CVE-2005-1518 |
|
|
DoS |
2005-05-11 |
2008-09-05 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
Unknown vulnerability in Solaris 7 through 9, when using Federated Naming Services (FNS), autofs, and FNS X.500 configuration, allows local users to cause a denial of service (automountd crash) when "accessing" /xfn/_x500. |
|
24 |
CVE-2004-1360 |
|
|
|
2004-02-27 |
2008-09-10 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
Unknown vulnerability in conv_fix in Sun Solaris 7 through 9, when invoked by conv_lpd, allows local users to overwrite arbitrary files. |
|
25 |
CVE-2004-1356 |
|
|
DoS |
2004-04-23 |
2008-09-10 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
Unknown vulnerability in the sendfilev function in Sun Solaris 8 and 9 allows local users to cause a denial of service (system panic) via unknown vectors. |
|
26 |
CVE-2004-1355 |
|
|
DoS |
2004-04-26 |
2008-09-10 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
Unknown vulnerability in the TCP/IP stack for Sun Solaris 8 and 9 allows local users to cause a denial of service (system panic) via unknown vectors. |
|
27 |
CVE-2004-1349 |
|
|
|
2004-10-04 |
2008-09-10 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
gzip before 1.3 in Solaris 8, when called with the -f or -force flags, will change the permissions of files that are hard linked to the target files, which allows local users to view or modify these files. |
|
28 |
CVE-2004-1346 |
|
|
DoS |
2004-06-19 |
2008-09-10 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
The Sun Solaris Volume Manager (SVM) on Solaris 9 allows local users to cause a denial of service (kernel panic) via a malformed probe request to the SVM. |
|
29 |
CVE-2004-0654 |
|
|
DoS |
2004-08-06 |
2008-09-10 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
Unknown vulnerability in the Basic Security Module (BSM), when configured to audit either the Administrative (ad) or the System-Wide Administration (as) audit class in Solaris 7, 8, and 9, allows local users to cause a denial of service (kernel panic). |
|
30 |
CVE-2004-0653 |
|
|
|
2004-08-06 |
2008-09-10 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Solaris 9, when configured as a Kerberos client with patch 112908-12 or 115168-03 and using pam_krb5 as an "auth" module with the debug feature enabled, records passwords in plaintext, which could allow local users to gain other user's passwords by reading log files. |
|
31 |
CVE-2004-0481 |
|
|
|
2005-02-23 |
2008-09-05 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
The logging feature in kcms_configure in the KCMS package on Solaris 8 and 9, and possibly other versions, allows local users to corrupt arbitrary files via a symlink attack on the KCS_ClogFile file. |
|
32 |
CVE-2003-1077 |
|
|
DoS |
2003-03-05 |
2008-09-10 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
Unknown vulnerability in UFS for Solaris 9 for SPARC, with logging enabled, allows local users to cause a denial of service (UFS file system hang). |
|
33 |
CVE-2003-1072 |
|
|
DoS |
2003-04-28 |
2008-09-10 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
Memory leak in lofiadm in Solaris 8 allows local users to cause a denial of service (kernel memory consumption). |
|
34 |
CVE-2003-1071 |
|
|
|
2003-01-03 |
2008-09-10 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
rpc.walld (wall daemon) for Solaris 2.6 through 9 allows local users to send messages to logged on users that appear to come from arbitrary user IDs by closing stderr before executing wall, then supplying a spoofed from header. |
|
35 |
CVE-2003-1065 |
|
|
DoS |
2003-07-23 |
2008-09-05 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
Unknown vulnerability in patches 108993-14 through 108993-19 and 108994-14 through 108994-19 for Solaris 8 may allow local users to cause a denial of service (automountd crash). |
|
36 |
CVE-2002-1589 |
|
|
DoS |
2002-10-24 |
2008-09-10 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
Unknown vulnerability in Solaris 8, when the 0x02 bit (aka TEST, KMF_DEADBEEF, or deadbeef) is set in the kmem_flags kernel parameter, allows local users to cause a denial of service (system panic). |
|
37 |
CVE-2002-1587 |
|
|
DoS |
2002-12-04 |
2008-09-10 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
The libthread library (libthread.so.1) for Solaris 2.5.1 through 8 allows local users to cause a denial of service (hang) of an application that uses libthread by causing the application to wait for a certain mutex. |
|
38 |
CVE-2002-1586 |
|
|
DoS |
2002-12-03 |
2008-09-10 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
Solaris 2.5.1 through 9 allows local users to cause a denial of service (kernel panic) by setting the sd_struiowrq variable in the struioget function to null, which triggers a null dereference. |
|
39 |
CVE-2001-1503 |
|
|
|
2001-12-31 |
2008-09-05 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The finger daemon (in.fingerd) in Sun Solaris 2.5 through 8 and SunOS 5.5 through 5.8 allows remote attackers to list all accounts on a host by typing finger 'a b c d e f g h'@host. |
|
40 |
CVE-2001-1066 |
|
|
|
2001-08-31 |
2008-09-05 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
ns6install installation script for Netscape 6.01 on Solaris, and other versions including 6.2.1 beta, allows local users to overwrite arbitrary files via a symlink attack. |
|
41 |
CVE-1999-1587 |
|
|
|
1999-12-31 |
2008-09-05 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
/usr/ucb/ps in Sun Microsystems Solaris 8 and 9, and certain earlier releases, allows local users to view the environment variables and values of arbitrary processes via the -e option. |
|
42 |
CVE-1999-1423 |
|
|
DoS |
1997-06-26 |
2008-09-05 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
ping in Solaris 2.3 through 2.6 allows local users to cause a denial of service (crash) via a ping request to a multicast address through the loopback interface, e.g. via ping -i. |
|
43 |
CVE-1999-1402 |
|
|
|
1997-05-17 |
2008-09-05 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
The access permissions for a UNIX domain socket are ignored in Solaris 2.x and SunOS 4.x, and other BSD-based operating systems before 4.4, which could allow local users to connect to the socket and possibly disrupt or control the operations of the program using that socket. |
|
44 |
CVE-1999-1297 |
|
|
|
1998-07-15 |
2008-09-05 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
cmdtool in OpenWindows 3.0 and XView 3.0 in SunOS 4.1.4 and earlier allows attackers with physical access to the system to display unechoed characters (such as those from password prompts) via the L2/AGAIN key. |
|
45 |
CVE-1999-1137 |
|
|
|
1993-10-01 |
2008-09-05 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The permissions for the /dev/audio device on Solaris 2.2 and earlier, and SunOS 4.1.x, allow any local user to read from the device, which could be used by an attacker to monitor conversations happening near a machine that has a microphone. |
|
46 |
CVE-1999-1118 |
|
|
DoS |
1998-03-11 |
2008-09-05 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
ndd in Solaris 2.6 allows local users to cause a denial of service by modifying certain TCP/IP parameters. |
|
47 |
CVE-1999-0860 |
|
|
|
1999-12-01 |
2008-09-09 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Solaris chkperm allows local users to read files owned by bin via the VMSYS environmental variable and a symlink attack. |
|
48 |
CVE-1999-0859 |
|
|
|
1999-12-01 |
2008-09-09 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Solaris arp allows local users to read files via the -f parameter, which lists lines in the file that do not parse properly. |
|
49 |
CVE-1999-0851 |
|
|
DoS |
1999-11-10 |
2008-09-09 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
Denial of service in BIND named via naptr. |
|
50 |
CVE-1999-0442 |
|
|
|
1999-01-07 |
2008-09-09 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
Solaris ff.core allows local users to modify files. |
