SUN : Security Vulnerabilities, CVEs, Published In 2004 (Code Execution)

Multiple buffer overflows in uucp for Sun Solaris 2.6, 7, 8, and 9 allow local users to execute arbitrary code as the uucp user.

Buffer overflow in the ping daemon of Sun Solaris 7 through 9 may allow local users to execute arbitrary code.

Unknown vulnerability in the rwho daemon (in.rwhod) for Solaris 7 through 9 allows remote attackers to execute arbitrary code.

Multiple buffer overflows in Sun Java System Web Proxy Server (formerly Sun ONE Proxy Server) 3.6 through 3.6 SP4 allow remote attackers to execute arbitrary code via unknown vectors, possibly CONNECT requests.

Integer overflow in the TIFFFetchStripThing function in tif_dirread.c for libtiff 3.6.1 allows remote attackers to execute arbitrary code via a TIFF file with the STRIPOFFSETS flag and a large number of strips, which causes a zero byte buffer to be allocated and leads to a heap-based buffer overflow.

Multiple buffer overflows in the ImageMagick graphics library 5.x before 5.4.4, and 6.x before 6.0.6.2, allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via malformed (1) AVI, (2) BMP, or (3) DIB files.

Heap-based buffer overflow in Netscape Network Security Services (NSS) library allows remote attackers to execute arbitrary code via a modified record length field in an SSLv2 client hello message.

Multiple heap-based buffer overflows in the imlib BMP image handler allow remote attackers to execute arbitrary code via a crafted BMP file.

Buffer overflow in the BMP loader in imlib2 before 1.1.2 allows remote attackers to execute arbitrary code via a specially-crafted BMP image, a different vulnerability than CVE-2004-0817.

Buffer overflow in uustat in Sun Solaris 8 and 9 allows local users to execute arbitrary code via a long -S command line argument.

Multiple buffer overflows in krb5_aname_to_localname for MIT Kerberos 5 (krb5) 1.3.3 and earlier allow remote attackers to execute arbitrary code as root.

Unknown multiple vulnerabilities in (1) lpstat and (2) the libprint library in Solaris 2.6 through 9 may allow attackers to execute arbitrary code or read or write arbitrary files.