| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Buffer overflow in dtmail in Solaris 2.6 and 7 allows local users to gain privileges via the MAIL environment variable. |
| Land IP denial of service. |
| pam_ldap authentication module in Solaris 8 allows remote attackers to bypass authentication via a NULL password. |
| FTP server in Solaris 8 and earlier allows local and remote attackers to cause a core dump in the root directory, possibly with world-readable permissions, by providing a valid username with an invalid password followed by a CWD ~ command, which could release sensitive information such as shadowed passwords, or fill the disk partition. |
| Buffer overflow in Common Desktop Environment (CDE) ToolTalk RPC database server (rpc.ttdbserverd) allows remote attackers to execute arbitrary code via an argument to the _TT_CREATE_FILE procedure. |
| Buffer overflow in ffbconfig in Solaris 2.5.1. |
| Sendmail allows local users to write to a file and gain group permissions via a .forward or :include: file. |
| Kodak Color Management System (KCMS) on Solaris allows a local user to write to arbitrary files and gain root access. |
| In SunOS, NFS file handles could be guessed, giving unauthorized access to the exported file system. |
| The portmapper may act as a proxy and redirect service requests from an attacker, making the request appear to come from the local host, possibly bypassing authentication that would otherwise have taken place. For example, NFS file systems could be mounted through the portmapper despite export restrictions. |
| Solaris SUNWadmap can be exploited to obtain root access. |
| The WorkMan program can be used to overwrite any file to get root access. |
| Solaris volrmmount program allows attackers to read any file. |
| nis_cachemgr for Solaris NIS+ allows attackers to add malicious NIS+ servers. |
| Buffer overflow in xmcd 2.0p12 allows local users to gain access through an environmental variable. |
| In Solaris 2.2 and 2.3, when fsck fails on startup, it allows a local user with physical access to obtain root access. |
| Jolt ICMP attack causes a denial of service in Windows 95 and Windows NT systems. |
| The cancel command in Solaris 2.6 (i386) has a buffer overflow that allows local users to obtain root access. |
| The Basic Security Module (BSM) for Solaris 2.5.1, 2.6, 7, and 8 does not log anonymous FTP access, which allows remote attackers to hide their activities, possibly when certain BSM audit files are not present under the FTP root. |
| The dynamic linker in Solaris allows a local user to create arbitrary files via the LD_PROFILE environmental variable and a symlink attack. |
