CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

SUN » Solaris : Security Vulnerabilities (CVSS score between 7 and 7.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2009-4191 +Priv 2009-12-03 2009-12-04
7.2
None Local Low Not required Complete Complete Complete
Unspecified vulnerability in the kernel in Sun Solaris 10 and OpenSolaris 2009.06 on the x86-64 platform allows local users to gain privileges via unknown vectors, as demonstrated by the vd_sol_local module in VulnDisco Pack Professional 8.12. NOTE: as of 20091203, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
2 CVE-2009-3899 399 DoS 2009-11-06 2010-08-21
7.8
None Remote Low Not required None None Complete
Memory leak in the Sockets Direct Protocol (SDP) driver in Sun Solaris 10, and OpenSolaris snv_57 through snv_94, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors.
3 CVE-2009-3851 2009-11-03 2010-08-21
7.2
Admin Local Low Not required Complete Complete Complete
Trusted Extensions in Sun Solaris 10 interferes with the operation of the xscreensaver-demo command for the XScreenSaver application, which makes it easier for physically proximate attackers to access an unattended workstation for which the intended screen locking did not occur, related to the "restart daemon."
4 CVE-2009-3390 +Priv 2009-09-24 2009-09-25
7.2
None Local Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the (1) iscsiadm and (2) iscsitadm programs in Sun Solaris 10, and OpenSolaris snv_28 through snv_109, allow local users with certain RBAC execution profiles to gain privileges via unknown vectors related to the libima library.
5 CVE-2009-3183 119 Overflow +Priv 2009-09-14 2012-10-22
7.2
None Local Low Not required Complete Complete Complete
Heap-based buffer overflow in w in Sun Solaris 8 through 10, and OpenSolaris before snv_124, allows local users to gain privileges via unspecified vectors.
6 CVE-2009-3164 DoS 2009-09-10 2010-06-25
7.1
None Remote Medium Not required None None Complete
Unspecified vulnerability in the IPv6 networking stack in Sun Solaris 10, and OpenSolaris snv_01 through snv_82 and snv_111 through snv_122, when a Cassini GigaSwift Ethernet Adapter (aka CE) interface is used, allows remote attackers to cause a denial of service (panic) via vectors involving jumbo frames. NOTE: this issue exists because of an incomplete fix for CVE-2009-2136.
7 CVE-2009-3000 399 DoS 2009-08-28 2009-08-31
7.1
None Remote Medium Not required None None Complete
The sockfs module in the kernel in Sun Solaris 10 and OpenSolaris snv_41 through snv_122, when Network Cache Accelerator (NCA) logging is enabled, allows remote attackers to cause a denial of service (panic) via unspecified web-server traffic that triggers a NULL pointer dereference in the nl7c_http_log function, related to "improper http response handling."
8 CVE-2009-2972 399 DoS 2009-08-27 2010-08-21
7.8
None Remote Low Not required None None Complete
in.lpd in the print service in Sun Solaris 8 and 9 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors that trigger a "fork()/exec() bomb."
9 CVE-2009-2487 399 DoS 2009-07-16 2010-08-21
7.8
None Remote Low Not required None None Complete
Use-after-free vulnerability in the frpr_icmp function in the ipfilter (aka IP Filter) subsystem in Sun Solaris 10, and OpenSolaris snv_45 through snv_110, allows remote attackers to cause a denial of service (panic) via unspecified vectors.
10 CVE-2009-2486 DoS 2009-07-16 2010-08-21
7.8
None Remote Low Not required None None Complete
Unspecified vulnerability in the SCTP implementation in Sun Solaris 10, and OpenSolaris before snv_120, allows remote attackers to cause a denial of service (panic) via unspecified packets.
11 CVE-2009-2297 DoS 2009-07-02 2009-07-15
7.1
None Remote Medium Not required None None Complete
Unspecified vulnerability in the udp subsystem in the kernel in Sun Solaris 10, and OpenSolaris snv_90 through snv_108, when Solaris Trusted Extensions is enabled, allows remote attackers to cause a denial of service (panic) via unspecified vectors involving the crgetlabel function, related to a "TX panic." NOTE: this issue exists because of a regression in earlier kernel patches.
12 CVE-2009-2137 399 DoS 2009-06-19 2009-07-01
7.8
None Remote Low Not required None None Complete
Memory leak in the Ultra-SPARC T2 crypto provider device driver (aka n2cp) in Sun Solaris 10, and OpenSolaris snv_54 through snv_112, allows context-dependent attackers to cause a denial of service (memory consumption) via unspecified vectors related to a large keylen value.
13 CVE-2009-2136 DoS 2009-06-19 2009-09-17
7.8
None Remote Low Not required None None Complete
Unspecified vulnerability in the TCP/IP networking stack in Sun Solaris 10, and OpenSolaris snv_01 through snv_82 and snv_111 through snv_117, when a Cassini GigaSwift Ethernet Adapter (aka CE) interface is used, allows remote attackers to cause a denial of service (panic) via vectors involving jumbo frames.
14 CVE-2009-0923 DoS 2009-03-17 2010-08-21
7.8
None Remote Low Not required None None Complete
Unspecified vulnerability in Kerberos Incremental Propagation in Solaris 10 and OpenSolaris snv_01 through snv_110 allows remote attackers to cause a denial of service (loss of incremental propagation requests to slave KDC servers) via unknown vectors related to the master Key Distribution Center (KDC) server.
15 CVE-2009-0304 1 DoS 2009-01-27 2012-02-07
7.8
None Remote Low Not required None None Complete
The kernel in Sun Solaris 10 and 11 snv_101b, and OpenSolaris before snv_108, allows remote attackers to cause a denial of service (system crash) via a crafted IPv6 packet, related to an "insufficient validation security vulnerability," as demonstrated by SunOSipv6.c.
16 CVE-2008-5689 399 1 DoS Exec Code 2008-12-19 2011-02-02
7.2
None Local Low Not required Complete Complete Complete
tun in IP Tunnel in Solaris 10 and OpenSolaris snv_01 through snv_76 allows local users to cause a denial of service (panic) and possibly execute arbitrary code via a crafted SIOCGTUNPARAM IOCTL request, which triggers a NULL pointer dereference.
17 CVE-2008-5410 310 DoS 2008-12-09 2009-03-04
7.8
None Remote Low Not required None None Complete
The PK11_SESSION cache in the OpenSSL PKCS#11 engine in Sun Solaris 10 does not maintain reference counts for operations with asymmetric keys, which allows context-dependent attackers to cause a denial of service (failed cryptographic operations) via unspecified vectors, related to the (1) RSA_sign and (2) RSA_verify functions.
18 CVE-2008-4131 264 +Priv 2008-09-19 2009-08-19
7.2
Admin Local Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in Sun Solaris 8 through 10 allow local users to gain privileges via vectors related to handling of tags with (1) the -t option and (2) the :tag command in the (a) vi, (b) ex, (c) vedit, (d) view, and (e) edit programs.
19 CVE-2008-3875 264 Bypass 2008-09-02 2009-03-04
7.2
Admin Local Low Not required Complete Complete Complete
The kernel in Sun Solaris 8 through 10 and OpenSolaris before snv_90 allows local users to bypass chroot, zones, and the Solaris Trusted Extensions multi-level security policy, and establish a covert communication channel, via unspecified vectors involving system calls.
20 CVE-2008-3838 20 DoS 2008-08-27 2008-09-10
7.2
None Local Low Not required Complete Complete Complete
Unspecified vulnerability in the NFS Remote Procedure Calls (RPC) zones implementation in Sun Solaris 10 and OpenSolaris before snv_88 allows local administrators of non-global zones to read and modify NFS traffic for arbitrary non-global zones, possibly leading to file modifications or a denial of service.
21 CVE-2008-3666 DoS 2008-08-13 2011-04-07
7.1
None Remote Medium Not required None None Complete
Unspecified vulnerability in Sun Solaris 10 and OpenSolaris before snv_96 allows (1) context-dependent attackers to cause a denial of service (panic) via vectors involving creation of a crafted file and use of the sendfilev system call, as demonstrated by a file served by an Apache 2.2.x web server with EnableSendFile configured; and (2) local users to cause a denial of service (panic) via a call to the sendfile system call, as reachable through the sendfilev library.
22 CVE-2008-3450 264 DoS +Priv 2008-08-04 2009-03-04
7.2
Admin Local Low Not required Complete Complete Complete
Unspecified vulnerability in the namefs kernel module in Sun Solaris 8 through 10 allows local users to gain privileges or cause a denial of service (panic) via unspecified vectors.
23 CVE-2008-2946 399 DoS 2008-06-30 2008-09-10
7.8
None Remote Low Not required None None Complete
The SNMP-DMI mapper subagent daemon (aka snmpXdmid) in Solstice Enterprise Agents in Sun Solaris 8 through 10 allows remote attackers to cause a denial of service (daemon crash) via malformed packets.
24 CVE-2008-2710 189 Exec Code Overflow Bypass 2008-06-16 2009-03-04
7.2
Admin Local Low Not required Complete Complete Complete
Integer signedness error in the ip_set_srcfilter function in the IP Multicast Filter in uts/common/inet/ip/ip_multi.c in the kernel in Sun Solaris 10 and OpenSolaris before snv_92 allows local users to execute arbitrary code in other Solaris Zones via an SIOCSIPMSFILTER IOCTL request with a large value of the imsf->imsf_numsrc field, which triggers an out-of-bounds write of kernel memory. NOTE: this was reported as an integer overflow, but the root cause involves the bypass of a signed comparison.
25 CVE-2008-2121 16 DoS 2008-05-09 2008-09-05
7.8
None Remote Low Not required None None Complete
The TCP implementation in Sun Solaris 8, 9, and 10 allows remote attackers to cause a denial of service (CPU consumption and new connection timeouts) via a TCP SYN flood attack.
26 CVE-2008-2090 399 DoS 2008-05-06 2009-04-08
7.8
None Remote Low Not required None None Complete
Unspecified vulnerability in the SCTP protocol implementation in Sun Solaris 10 allows remote attackers to cause a denial of service (CPU consumption and network traffic amplification) via a crafted SCTP packet.
27 CVE-2008-2089 16 DoS 2008-05-06 2009-03-04
7.8
None Remote Low Not required None None Complete
Unspecified vulnerability in the SCTP protocol implementation in Sun Solaris 10 allows remote attackers to cause a denial of service (panic) via a crafted SCTP packet.
28 CVE-2008-0242 +Priv 2008-01-11 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
Unspecified vulnerability in libdevinfo in Sun Solaris 10 allows local users to access files and gain privileges via unknown vectors, related to login device permissions.
29 CVE-2007-6180 362 DoS 2007-11-29 2008-11-15
7.6
None Local Network Medium Not required Partial Complete Complete
Race condition in the Remote Procedure Call kernel module (rpcmod) in Sun Solaris 8 through 10 allows local users to cause a denial of service (NULL dereference and panic) via unspecified vectors.
30 CVE-2007-5716 DoS 2007-10-30 2008-11-15
7.8
None Remote Low Not required None None Complete
Unspecified vulnerability in the Internet Protocol (IP) functionality in Sun Solaris 10 allows local users to cause a denial of service (panic) via unspecified vectors, probably related to a UDP packet.
31 CVE-2007-5462 20 DoS 2007-10-15 2008-11-15
7.8
None Remote Low Not required None None Complete
Unspecified vulnerability in the Sun Solaris RPC services library (librpcsvc) on Solaris 8 through 10 allows remote attackers to cause a denial of service (mountd crash) via unspecified packets to a server that exports many filesystems, and allows local users to cause a denial of service (automountd crash) via unspecified requests to mount filesystems from a server that exports many filesystems.
32 CVE-2007-5365 119 1 DoS Exec Code Overflow 2007-10-11 2011-08-02
7.2
None Local Low Not required Complete Complete Complete
Stack-based buffer overflow in the cons_options function in options.c in dhcpd in OpenBSD 4.0 through 4.2, and some other dhcpd implementations based on ISC dhcp-2, allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a DHCP request specifying a maximum message size smaller than the minimum IP MTU.
33 CVE-2007-4395 +Priv 2007-08-17 2011-09-01
7.6
Admin Remote High Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the Role Based Access Control (RBAC) functionality in Sun Solaris 8 allow remote attackers who know the password for a role to gain privileges via that role.
34 CVE-2007-3471 Exec Code Overflow 2007-06-28 2008-11-15
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in the dtsession Common Desktop Environment (CDE) Session Manager in Sun Solaris 8, 9, and 10 allows local users to execute arbitrary code via unspecified vectors.
35 CVE-2007-3470 DoS 2007-06-28 2008-11-15
7.8
None Remote Low Not required None None Complete
Multiple unspecified vulnerabilities in the KSSL kernel module in Sun Solaris 10, when configured with the KSSL proxy, allow remote attackers to cause a denial of service (kernel panic) via unspecified vectors related to "memory buffers" of Secure Socket Layer (SSL) records.
36 CVE-2007-3248 DoS 2007-06-18 2008-11-15
7.8
None Remote Low Not required None None Complete
Unspecified vulnerability in Sun Solaris 10 before 20070614, when IPv6 interfaces are present but not configured for IPsec, allows remote attackers to cause a denial of service (system crash) via certain network traffic.
37 CVE-2007-3223 DoS 2007-06-14 2008-11-15
7.8
None Remote Low Not required None None Complete
Unspecified vulnerability in the NFS server in Sun Solaris 10 before 20070613 allows remote attackers to cause a denial of service (system crash) via certain XDR data in NFS requests, probably related to processing of data by the xdr_bool and xdrmblk_getint32 functions.
38 CVE-2007-2989 DoS 2007-06-01 2008-11-15
7.8
None Remote Low Not required None None Complete
The libike library in Sun Solaris 9 before 20070529 contains a logic error related to a certain pointer, which allows remote attackers to cause a denial of service (in.iked daemon crash) by sending certain UDP packets with a source port different from 500. NOTE: this issue might overlap CVE-2006-2298.
39 CVE-2007-2529 DoS +Priv 2007-05-08 2012-11-05
7.2
Admin Local Low Not required Complete Complete Complete
Integer signedness error in the acl (facl) system call in Solaris 10 before 20070507 allows local users to cause a denial of service (kernel panic) and possibly gain privileges via a certain argument, related to ACE_SETACL.
40 CVE-2007-1681 DoS Exec Code +Info 2007-04-19 2008-11-13
7.5
User Remote Low Not required Partial Partial Partial
Format string vulnerability in libwebconsole_services.so in Sun Java Web Console 2.2.2 through 2.2.5 allows remote attackers to cause a denial of service (application crash), obtain sensitive information, and possibly execute arbitrary code via unspecified vectors during a failed login attempt, related to syslog.
41 CVE-2007-0914 DoS 2007-02-13 2008-11-15
7.1
None Remote Medium Not required None None Complete
Race condition in the TCP subsystem for Solaris 10 allows remote attackers to cause a denial of service (system panic) via unknown vectors.
42 CVE-2007-0634 DoS 2007-01-31 2008-11-15
7.8
None Remote Low Not required None None Complete
Unspecified vulnerability in Sun Solaris 10 before 20070130 allows remote attackers to cause a denial of service (system crash) via certain ICMP packets.
43 CVE-2007-0470 +Priv 2007-01-23 2008-11-15
7.2
Admin Local Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in tip in Sun Solaris 8, 9, and 10 allow local users to gain uucp account privileges via unspecified vectors.
44 CVE-2007-0165 DoS 2007-01-09 2009-03-04
7.8
None Remote Low Not required None None Complete
Unspecified vulnerability in libnsl in Sun Solaris 8 and 9 allows remote attackers to cause a denial of service (crash) via malformed RPC requests that trigger a crash in rpcbind.
45 CVE-2006-7028 DoS 2007-02-22 2008-09-05
7.8
None Remote Low Not required None None Complete
Single CPU Sun systems running Solaris 7, 8, or 9, such as Netra, allows remote attackers to cause a denial of service (console hang) via a flood of small TCP/IP packets. NOTE: this issue has not been replicated by third parties. In addition, the cause is unknown, although it might be related to "jabber" and generation of a large amount of interrupts within the console, or a hardware error.
46 CVE-2006-5075 DoS 2006-09-28 2008-09-05
7.8
None Remote Low Not required None None Complete
The Kernel SSL Proxy service (svc:/network/ssl/proxy) in Sun Solaris 10 before 20060926 allows remote attackers to cause a denial of service (system crash) via unspecified vectors related to an SSL client.
47 CVE-2006-5073 DoS 2006-09-28 2008-09-05
7.8
None Remote Low Not required None None Complete
Unspecified vulnerability in Sun Solaris 8, 9 and 10 allows remote attackers to cause a denial of service (panic) via crafted IPv6 packets, a different vulnerability than CVE-2006-5013.
48 CVE-2006-5013 DoS 2006-09-26 2008-09-05
7.8
None Remote Low Not required None None Complete
Sun Solaris 10 before patch 118855-16 (20060925), when run on x64 systems using IPv6, allows remote attackers to cause a denial of service (kernel panic) via crafted IPv6 packets.
49 CVE-2006-4319 Exec Code Overflow 2006-08-23 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in the format command in Solaris 8, 9, and 10 allows local users with access to format (such as the "File System Management" RBAC profile) to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2006-4307.
50 CVE-2006-4307 2006-08-23 2011-04-01
7.2
Admin Local Low Not required Complete Complete Complete
Unspecified vulnerability in the format command in Sun Solaris 8 and 9 before 20060821 allows local users to modify arbitrary files via unspecified vectors involving profiles that permit running format with elevated privileges, a different issue than CVE-2006-4306 and CVE-2006-4319.
Total number of vulnerabilities : 194   Page : 1 (This Page)2 3 4
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.