Vulnerabilities (CVE)

Buffer overflow in Xsun X server in Solaris 7 allows local users to gain root privileges via a long -dev parameter.

Race condition in Java 1.4.2 before 1.4.2 Release 2 on Apple Mac OS X allows local users to corrupt files or create arbitrary files via unspecified attack vectors related to a temporary directory, possibly due to a symlink attack.

Guessable magic cookies in X Windows allows remote attackers to execute commands, e.g. through xterm.

Unknown vulnerability in the FTP server (in.ftpd) for Solaris 2.6 through 9 allows remote attackers to cause a denial of service (temporary FTP server hang), which affects other active mode FTP clients.

pam_ldap authentication module in Solaris 8 allows remote attackers to bypass authentication via a NULL password.

Buffer overflow in SGI IRIX mailx program.

Delete or create a file via rpc.statd, due to invalid information.

Java Runtime Environment in Java Development Kit (JDK) 1.2.2_05 and earlier can allow an untrusted Java class to call into a disallowed class, which could allow an attacker to escape the Java sandbox and conduct unauthorized activities.

Unknown vulnerability in Sun Java System Web Server 6.0 SP7 and earlier and 6.1 SP1 and earlier, and Application Server 7 Update 4 and earlier, allows remote attackers to cause a denial of service (crash) via a malformed client certificate.

rdist in various UNIX systems uses popen to execute sendmail, which allows local users to gain root privileges by modifying the IFS (Internal Field Separator) variable.

Unknown vulnerability in Java web start 1.0.1_01, 1.0.1, 1.0 and 1.0.1.01 (HP-UX 11.x only) allows attackers to gain access to restricted resources via unknown attack vectors.

Sun Cluster 2.2 through 3.2 for Oracle Parallel Server / Real Application Clusters (OPS/RAC) allows local users to cause a denial of service (cluster node panic or abort) by launching a daemon listening on a TCP port that would otherwise be used by the Distributed Lock Manager (DLM), possibly involving this daemon responding in a manner that spoofs a cluster reconfiguration.

Multiple heap-based buffer overflows in the imlib BMP image handler allow remote attackers to execute arbitrary code via a crafted BMP file.

Unspecified vulnerability in the daemons for Sun N1 Grid Engine 5.3 and N1 Grid Engine 6.0 allows local users to cause a denial of service (grid service shutdown) and possibly execute arbitrary code using buffer overflows via unknown vectors that cause (1) qmaster or (2) execd to terminate.

Unknown vulnerability in Solaris 8 and 9 allows remote attackers to cause a denial of service (panic) via "Heavy UDP Usage" that triggers a NULL dereference.

The ed editor for Sun Solaris 2.6, 7, and 8 allows local users to create or overwrite arbitrary files via a symlink attack on temporary files.

Multiple unspecified vulnerabilities in reflection APIs in Java SDK and JRE 1.4.2_08 and earlier and JDK and JRE 5.0 Update 3 and earlier allow remote attackers to escape the Java sandbox and access arbitrary files or execute arbitrary applications via unknown attack vectors, a different set of vulnerabilities than CVE-2005-3905. NOTE: this is associated with the "second and third issues" identified in SUNALERT:102003.

SunOS rpc.cmsd allows attackers to obtain root access by overwriting arbitrary files.

Multiple buffer overflows in how dtmail handles attachments allows a remote attacker to execute commands.

Sun AnswerBook2 1.2 through 1.4.2 allows remote attackers to execute administrative scripts such as (1) AdminViewError and (2) AdminAddadmin via a direct request.

Solaris rpc.mountd generates error messages that allow a remote attacker to determine what files are on the server.

The Sun Solaris Volume Manager (SVM) on Solaris 9 allows local users to cause a denial of service (kernel panic) via a malformed probe request to the SVM.

Buffer overflow in rpc.yppasswdd (yppasswd server) in Solaris 2.6, 7 and 8 allows remote attackers to gain root access via a long username.

/opt/JSparm/bin/perfmon program in Solaris allows local users to create arbitrary files as root via the Logging File option in the GUI.

Unknown vulnerability in newtask for Solaris 9 allows local users to gain root privileges.

Sun Solaris 7 through 9, when Basic Security Module (BSM) is enabled and the SUNWscpu package has been removed as a result of security hardening, disables mail alerts from the audit_warn script, which might allow attackers to escape detection.

Buffer overflow in Solaris netpr program allows local users to execute arbitrary commands via a long -p option.

Multiple unspecified vulnerabilities in sendmail 5, as installed on Sun SunOS 4.1.3_U1 and 4.1.4, have unspecified attack vectors and impact. NOTE: this might overlap CVE-1999-0129.

Teardrop IP denial of service.

Unknown vulnerability in Sun StorEdge 6130 Arrays (SE6130) with serial numbers between 0451AWF00G and 0513AWF00J allows local users and remote attackers to delete data.

Denial of service in BIND named via malformed SIG records.

Buffer overflow in Solaris dtprintinfo program.

The recover program in Solstice Backup allows local users to restore sensitive files.

Multiple TCP/IP and ICMP implementations allow remote attackers to cause a denial of service (reset TCP connections) via spoofed ICMP error messages, aka the "blind connection-reset attack." NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based i ... Multiple TCP/IP and ICMP implementations allow remote attackers to cause a denial of service (reset TCP connections) via spoofed ICMP error messages, aka the "blind connection-reset attack." NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities.

Show More

A version of rusers is running that exposes valid user information to any entity on the network.

Sun Java Runtime Environment (JRE) 1.x before 1.4.2_11 and 1.5.x before 1.5.0_06, and as used in multiple web browsers, allows remote attackers to cause a denial of service (application crash) via deeply nested object arrays, which are not properly handled by the garbage collector and trigger invalid memory accesses.

Buffer overflow in exrecover in Solaris 2.6 and earlier possibly allows local users to gain privileges via a long command line argument.

Buffer overflow in cb_reset in the System Service Processor (SSP) package of SunOS 5.8 allows a local user to execute arbitrary code via a long argument.

Unknown multiple vulnerabilities in (1) lpstat and (2) the libprint library in Solaris 2.6 through 9 may allow attackers to execute arbitrary code or read or write arbitrary files.

Unknown vulnerability in Solaris 2.6 through 9 causes a denial of service (system panic) via "a rare race condition" or an attack by local users.