| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| The default configuration of the web server for the Solaris Management Console (SMC) in Solaris 8, 9, and 10 enables the HTTP TRACE method, which could allow remote attackers to obtain sensitive information such as cookies and authentication data from HTTP headers. |
| Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived from SunRPC, including libnsl, libc, glibc, and dietlibc, allows remote attackers to execute arbitrary code via certain integer values in length fields, a different vulnerability than CVE-2002-0391. |
| The ToolTalk ttsession daemon uses weak RPC authentication, which allows a remote attacker to execute commands. |
| Buffer overflow in the LDAP naming services library (libsldap) in Sun Solaris 8 allows local users to execute arbitrary code via a long LDAP_OPTIONS environment variable to a privileged program that uses libsldap. |
| Buffer overflow in Solaris 7 lpset allows local users to gain root privileges via a long -r option. |
| Buffer overflow in the libauth library in Solaris allows local users to gain additional privileges, possibly root access. |
| The libthread library (libthread.so.1) for Solaris 2.5.1 through 8 allows local users to cause a denial of service (hang) of an application that uses libthread by causing the application to wait for a certain mutex. |
| The passwd command in Solaris can be subjected to a denial of service. |
| Buffer overflow in ffbconfig in Solaris 2.5.1. |
| Buffer overflow in the kcsSUNWIOsolf.so library in Solaris 7 and 8 allows local attackers to execute arbitrary commands via the KCMS_PROFILES environment variable, e.g. as demonstrated using the kcms_configure program. |
| kcms_configure as included with Solaris 7 and 8 allows a local attacker to gain additional privileges via a buffer overflow in a command line argument. |
| Buffer overflow in xlock program allows local users to execute commands as root. |
| Command execution in Sun systems via buffer overflow in the at program. |
| In Sun Solaris and SunOS, man and catman contain vulnerabilities that allow overwriting arbitrary files. |
| 64 bit Solaris 7 procfs allows local users to perform a denial of service. |
| sdtcm_convert in Solaris 2.6 allows a local user to overwrite sensitive files via a symlink attack. |
| Unknown vulnerability in the sendfilev function in Sun Solaris 8 and 9 allows local users to cause a denial of service (system panic) via unknown vectors. |
| Buffer overflow in CDE Calendar Manager Service Daemon (rpc.cmsd). |
| vold in Solaris 2.x allows local users to gain root access. |
| A later variation on the Teardrop IP denial of service attack, a.k.a. Teardrop-2. |