| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| In SunOS, NFS file handles could be guessed, giving unauthorized access to the exported file system. |
| The portmapper may act as a proxy and redirect service requests from an attacker, making the request appear to come from the local host, possibly bypassing authentication that would otherwise have taken place. For example, NFS file systems could be mounted through the portmapper despite export restrictions. |
| Solaris SUNWadmap can be exploited to obtain root access. |
| The WorkMan program can be used to overwrite any file to get root access. |
| Solaris volrmmount program allows attackers to read any file. |
| nis_cachemgr for Solaris NIS+ allows attackers to add malicious NIS+ servers. |
| Buffer overflow in xmcd 2.0p12 allows local users to gain access through an environmental variable. |
| In Solaris 2.2 and 2.3, when fsck fails on startup, it allows a local user with physical access to obtain root access. |
| Jolt ICMP attack causes a denial of service in Windows 95 and Windows NT systems. |
| The cancel command in Solaris 2.6 (i386) has a buffer overflow that allows local users to obtain root access. |
| The Basic Security Module (BSM) for Solaris 2.5.1, 2.6, 7, and 8 does not log anonymous FTP access, which allows remote attackers to hide their activities, possibly when certain BSM audit files are not present under the FTP root. |
| NFS allows users to use a "cd .." command to access other directories besides the exported file system. |
| cgiwrap as used on Cobalt RaQ 2.0 and RaQ 3i does not properly identify the user for running certain scripts, which allows a malicious site administrator to view or modify data located at another virtual site on the same system. |
| Some functions that implement the locale subsystem on Unix do not properly cleanse user-injected format strings, which allows local attackers to execute arbitrary commands via functions such as gettext and catopen. |
| Directory traversal vulnerability in none.php for SunPS iRunbook 2.5.2 allows remote attackers to read arbitrary files via a "..:" sequence (dot-dot variant) in the argument. |
| /opt/JSparm/bin/perfmon program in Solaris allows local users to create arbitrary files as root via the Logging File option in the GUI. |
| The siteUserMod.cgi program in Cobalt RaQ2 servers allows any Site Administrator to modify passwords for other users, site administrators, and possibly admin (root). |
| /usr/ucb/ps in Sun Microsystems Solaris 8 and 9, and certain earlier releases, allows local users to view the environment variables and values of arbitrary processes via the -e option. |
| The dynamic linker in Solaris allows a local user to create arbitrary files via the LD_PROFILE environmental variable and a symlink attack. |
| Unknown vulnerability in the sysinfo system call for Solaris for SPARC 2.6 through 9, and Solaris for x86 2.6, 7, and 8, allows local users to read kernel memory. |
