| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Race condition in Solaris 2.6 through 9 allows local users to cause a denial of service (kernel panic), as demonstrated via the namefs function, pipe, and certain STREAMS routines. |
| The patches (1) 105693-13, (2) 108800-02, (3) 105694-13, and (4) 108801-02 for cachefs on Solaris 2.6 and 7 overwrite the inetd.conf file, which may silently reenable services and allow remote attackers to bypass the intended security policy. |
| Solaris 8 with IPv6 enabled allows remote attackers to cause a denial of service (kernel panic) via a crafted IPv6 packet. |
| Buffer overflow in the syslog daemon for Solaris 2.6 through 9 allows remote attackers to cause a denial of service (syslogd crash) and possibly execute arbitrary code via long syslog UDP packets. |
| Denial of service through Solaris 2.5.1 telnet by sending ^D characters. |
| Solaris sysdef command allows local users to read kernel memory, potentially leading to root privileges. |
| ypbind with -ypset and -ypsetme options activated in Linux Slackware and SunOS allows local and remote attackers to overwrite files via a .. (dot dot) attack. |
| Buffer overflow in Solaris 7 lp allows local users to gain root privileges via a long -d option. |
| Buffer overflow in Solaris 7 lpset allows local users to gain root privileges via a long -r option. |
| Solaris dmi_cmd allows local users to crash the dmispd daemon by adding a malformed file to the /var/dmi/db database. |
| loadmodule in SunOS 4.1.x, as used by xnews, does not properly sanitize its environment, which allows local users to gain privileges, a different vulnerability than CVE-1999-1584. |
| passwd in SunOS 4.1.x allows local users to overwrite arbitrary files via a symlink attack and the -F command line argument. |
| ICMP messages to broadcast addresses are allowed, allowing for a Smurf attack that can cause a denial of service. |
| The BSD profil system call allows a local user to modify the internal data space of a program via profiling and execve. |
| catman in Solaris 2.7 and 2.8 allows local users to overwrite arbitrary files via a symlink attack on the sman_PID temporary file. |
| Buffer overflow in Solaris libc, ufsrestore, and rcp via LC_MESSAGES environmental variable. |
| The NIS+ rpc.nisd server allows remote attackers to execute certain RPC calls without authentication to obtain system information, disable logging, or modify caches. |
| Buffer overflow in arp command in Solaris 7 and earlier allows local users to execute arbitrary commands via a long -f parameter. |
| Unknown vulnerability in passwd(1) in Solaris 8.0 and 9.0 allows local users to gain privileges via unknown attack vectors. |
| Solaris arp allows local users to read files via the -f parameter, which lists lines in the file that do not parse properly. |
