SUN » Sunos : Security Vulnerabilities, CVEs, CVSS score between 7 and 7.99

Solaris rpc.mountd generates error messages that allow a remote attacker to determine what files are on the server.

Unspecified vulnerability in Sun Solaris 8, 9 and 10 allows remote attackers to cause a denial of service (panic) via crafted IPv6 packets, a different vulnerability than CVE-2006-5013.

Single CPU Sun systems running Solaris 7, 8, or 9, such as Netra, allows remote attackers to cause a denial of service (console hang) via a flood of small TCP/IP packets. NOTE: this issue has not been replicated by third parties. In addition, the cause is unknown, although it might be related to "jabber" and generation of a large amount of interrupts within the console, or a hardware error.

Unspecified vulnerability in libnsl in Sun Solaris 8 and 9 allows remote attackers to cause a denial of service (crash) via malformed RPC requests that trigger a crash in rpcbind.

Unspecified vulnerability in the NFS server in Sun Solaris 10 before 20070613 allows remote attackers to cause a denial of service (system crash) via certain XDR data in NFS requests, probably related to processing of data by the xdr_bool and xdrmblk_getint32 functions.

The TCP implementation in Sun Solaris 8, 9, and 10 allows remote attackers to cause a denial of service (CPU consumption and new connection timeouts) via a TCP SYN flood attack.

The SNMP-DMI mapper subagent daemon (aka snmpXdmid) in Solstice Enterprise Agents in Sun Solaris 8 through 10 allows remote attackers to cause a denial of service (daemon crash) via malformed packets.

Unspecified vulnerability in the FTP Server in Oracle Solaris 8, 9, 10, and 11 Express allows remote attackers to affect availability. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from a reliable researcher that this is an issue in the glob implementation in libc that allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames.

Unspecified vulnerability in Oracle Solaris 11 Express allows remote attackers to affect availability, related to SMB and CIFS.

Unspecified vulnerability in Oracle Solaris 11 Express allows remote attackers to affect availability, related to TCP/IP.

Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows remote attackers to affect availability via unknown vectors related to fingerd.

Unspecified vulnerability in Oracle Solaris 11 Express allows remote attackers to affect availability, related to iSCSI DataMover (IDM).

Unspecified vulnerability in Oracle Solaris 9, 10, and 11 Express allows remote attackers to affect availability, related to TCP/IP.

Unspecified vulnerability in Oracle Sun Solaris 8 allows remote attackers to affect availability, related to TCP/IP.

Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attackers to affect availability, related to COMSTAR.

Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attackers to affect availability via unknown vectors related to Kernel.

Unspecified vulnerability in Oracle Solaris 11 allows remote attackers to affect availability via vectors related to Driver/IDM (iSCSI Data Mover).

Unspecified vulnerability in Oracle Solaris 11 allows remote attackers to affect availability via vectors related to Kernel/STREAMS framework.

Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows remote attackers to affect availability via vectors related to iSCSI Data Mover (IDM).

Multiple unspecified vulnerabilities in the Role Based Access Control (RBAC) functionality in Sun Solaris 8 allow remote attackers who know the password for a role to gain privileges via that role.

FTP servers can allow an attacker to connect to arbitrary ports on machines other than the FTP client, aka FTP bounce.

Vacation program allows command execution by remote users through a sendmail command.

Multiple buffer overflows in how dtmail handles attachments allows a remote attacker to execute commands.

The portmapper may act as a proxy and redirect service requests from an attacker, making the request appear to come from the local host, possibly bypassing authentication that would otherwise have taken place. For example, NFS file systems could be mounted through the portmapper despite export restrictions.

In SunOS or Solaris, a remote user could connect from an FTP server's data port to an rlogin server on a host that trusts the FTP server, allowing remote command execution.