CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

SUN : Security Vulnerabilities Published In 2008 (Denial Of Service)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2008-5690 255 DoS 2008-12-19 2010-07-20
2.1
None Local Low Not required None None Partial
The Kerberos credential renewal feature in Sun Solaris 8, 9, and 10, and OpenSolaris build snv_01 through snv_104, allows local users to cause a denial of service (authentication failure) via unspecified vectors related to incorrect cache file permissions, and lack of credential storage by the store_cred function in pam_krb5.
2 CVE-2008-5689 399 1 DoS Exec Code 2008-12-19 2011-02-02
7.2
None Local Low Not required Complete Complete Complete
tun in IP Tunnel in Solaris 10 and OpenSolaris snv_01 through snv_76 allows local users to cause a denial of service (panic) and possibly execute arbitrary code via a crafted SIOCGTUNPARAM IOCTL request, which triggers a NULL pointer dereference.
3 CVE-2008-5685 DoS 2008-12-19 2010-07-13
10.0
Admin Remote Low Not required Complete Complete Complete
Sun ScApp firmware 5.18.x, 5.19.x, and 5.20.0 through 5.20.10 on Sun Fire and Netra platforms allows remote attackers to access the System Controller (SC), the system console, and possibly the host OS, and cause a denial of service (shutdown or reboot), via spoofed IP packets.
4 CVE-2008-5684 399 DoS 2008-12-19 2010-04-24
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in the X Inter Client Exchange library (aka libICE) in Sun Solaris 8 through 10 and OpenSolaris before snv_85 allows context-dependent attackers to cause a denial of service (application crash), as demonstrated by a port scan that triggers a segmentation violation in the Gnome session manager (aka gnome-session).
5 CVE-2008-5661 399 DoS 2008-12-17 2008-12-18
5.4
None Remote High Not required None None Complete
The IPv4 Forwarding feature in Sun Solaris 10 and OpenSolaris snv_47 through snv_82, with certain patches installed, allows remote attackers to cause a denial of service (panic) via unknown vectors that trigger a NULL pointer dereference.
6 CVE-2008-5410 310 DoS 2008-12-09 2009-03-04
7.8
None Remote Low Not required None None Complete
The PK11_SESSION cache in the OpenSSL PKCS#11 engine in Sun Solaris 10 does not maintain reference counts for operations with asymmetric keys, which allows context-dependent attackers to cause a denial of service (failed cryptographic operations) via unspecified vectors, related to the (1) RSA_sign and (2) RSA_verify functions.
7 CVE-2008-5349 DoS 2008-12-05 2010-08-21
7.1
None Remote Medium Not required None None Complete
Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5.0 Update 16 and earlier, allows remote attackers to cause a denial of service (CPU consumption) via a crafted RSA public key.
8 CVE-2008-5348 DoS 2008-12-05 2010-08-21
7.1
None Remote Medium Not required None None Complete
Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier, when using Kerberos authentication, allows remote attackers to cause a denial of service (OS resource consumption) via unknown vectors.
9 CVE-2008-5111 DoS 2008-11-17 2012-10-30
4.7
None Local Medium Not required None None Complete
Unspecified vulnerability in the socket function in Sun Solaris 10 and OpenSolaris snv_57 through snv_91, when InfiniBand hardware is not installed, allows local users to cause a denial of service (panic) via unknown vectors, related to the socksdpv_close function.
10 CVE-2008-5010 DoS 2008-11-10 2009-03-13
10.0
Admin Remote Low Not required Complete Complete Complete
in.dhcpd in the DHCP implementation in Sun Solaris 8 through 10, and OpenSolaris before snv_103, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via unknown DHCP requests related to the "number of offers," aka Bug ID 6713805.
11 CVE-2008-5009 362 DoS 2008-11-10 2008-11-15
4.0
None Local High Not required None None Complete
Race condition in the s_xout kernel module in Sun Solstice X.25 9.2, when running on a multiple CPU machine, allows local users to cause a denial of service (panic) via vectors involving reading the /dev/xty file.
12 CVE-2008-4722 287 DoS 2008-10-23 2009-02-20
9.0
Admin Remote Low Single system Complete Complete Complete
Unspecified vulnerability in Sun Integrated Lights-Out Manager (ILOM) 2.0.1.5 through 2.0.4.26 allows remote authenticated users to (1) access the service processor (SP) and cause a denial of service (shutdown or reboot), or (2) access the host operating system and have an unspecified impact, via unknown vectors.
13 CVE-2008-4619 1 DoS 2008-10-20 2009-01-29
10.0
Admin Remote Low Not required Complete Complete Complete
The RPC subsystem in Sun Solaris 9 allows remote attackers to cause a denial of service (daemon crash) via a crafted request to procedure 8 in program 100000 (rpcbind), related to the XDR_DECODE operation and the taddr2uaddr function. NOTE: this might be a duplicate of CVE-2007-0165.
14 CVE-2008-4160 399 DoS 2008-09-22 2010-08-21
4.7
None Local Medium Not required None None Complete
Unspecified vulnerability in the UFS module in Sun Solaris 8 through 10 and OpenSolaris allows local users to cause a denial of service (NULL pointer dereference and kernel panic) via unknown vectors related to the Solaris Access Control List (ACL) implementation.
15 CVE-2008-4117 DoS 2008-09-18 2008-09-24
7.8
None Remote Low Not required None None Complete
Unspecified vulnerability in a web page in the PRM module in Sun Management Center (SunMC) 3.6.1 and 4.0 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors.
16 CVE-2008-3839 DoS 2008-08-27 2009-08-26
4.7
None Local Medium Not required None None Complete
Unspecified vulnerability in the NFS module in the kernel in Sun Solaris 10 and OpenSolaris snv_59 through snv_87, when configured as an NFS server without the nodevices option, allows local users to cause a denial of service (panic) via unspecified vectors.
17 CVE-2008-3838 20 DoS 2008-08-27 2008-09-10
7.2
None Local Low Not required Complete Complete Complete
Unspecified vulnerability in the NFS Remote Procedure Calls (RPC) zones implementation in Sun Solaris 10 and OpenSolaris before snv_88 allows local administrators of non-global zones to read and modify NFS traffic for arbitrary non-global zones, possibly leading to file modifications or a denial of service.
18 CVE-2008-3683 DoS 2008-08-14 2009-02-06
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in the FTP subsystem in Sun Java System Web Proxy Server 4.0 through 4.0.5 before SP6 allows remote attackers to cause a denial of service (failure to accept connections) via unknown vectors, probably related to exhaustion of file descriptors.
19 CVE-2008-3666 DoS 2008-08-13 2011-04-07
7.1
None Remote Medium Not required None None Complete
Unspecified vulnerability in Sun Solaris 10 and OpenSolaris before snv_96 allows (1) context-dependent attackers to cause a denial of service (panic) via vectors involving creation of a crafted file and use of the sendfilev system call, as demonstrated by a file served by an Apache 2.2.x web server with EnableSendFile configured; and (2) local users to cause a denial of service (panic) via a call to the sendfile system call, as reachable through the sendfilev library.
20 CVE-2008-3549 399 DoS 2008-08-07 2009-03-04
4.7
None Local Medium Not required None None Complete
Unspecified vulnerability in the pthread_mutex_reltimedlock_np API in Sun Solaris 10 and OpenSolaris before snv_90 allows local users to cause a denial of service (system hang or panic) via unknown vectors.
21 CVE-2008-3548 DoS 2008-08-07 2008-09-10
4.9
None Local Low Not required None None Complete
Unspecified vulnerability in the Sun Netra T5220 Server with firmware 7.1.3 allows local users to cause a denial of service (panic) via unknown vectors.
22 CVE-2008-3450 264 DoS +Priv 2008-08-04 2009-03-04
7.2
Admin Local Low Not required Complete Complete Complete
Unspecified vulnerability in the namefs kernel module in Sun Solaris 8 through 10 allows local users to gain privileges or cause a denial of service (panic) via unspecified vectors.
23 CVE-2008-3426 DoS 2008-07-31 2008-09-10
2.1
None Local Low Not required None None Partial
Unspecified vulnerability in the Solaris Platform Information and Control Library daemon (picld) in Sun Solaris 8 through 10, and OpenSolaris builds snv_01 through snv_95, allows local users to cause a denial of service via unknown vectors that prevent operation of utilities such as prtdiag, prtpicl, and prtfru.
24 CVE-2008-3105 264 DoS 2008-07-09 2010-08-21
8.3
None Remote Medium Not required Partial Partial Complete
Unspecified vulnerability in the JAX-WS client and service in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier allows remote attackers to access URLs or cause a denial of service via unknown vectors involving "processing of XML data" by a trusted application.
25 CVE-2008-2946 399 DoS 2008-06-30 2008-09-10
7.8
None Remote Low Not required None None Complete
The SNMP-DMI mapper subagent daemon (aka snmpXdmid) in Solstice Enterprise Agents in Sun Solaris 8 through 10 allows remote attackers to cause a denial of service (daemon crash) via malformed packets.
26 CVE-2008-2749 DoS 2008-06-18 2008-09-10
7.1
None Remote Medium Not required None None Complete
Unspecified vulnerability in cshttpd in Sun Java System Calendar Server 6 and 6.3, and Sun ONE Calendar Server 6.0, when access logging (aka service.http.commandlog.all) is enabled, allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors.
27 CVE-2008-2708 DoS 2008-06-16 2008-09-10
4.9
None Local Low Not required None None Complete
Unspecified vulnerability in the Sun (1) UltraSPARC T2 and (2) UltraSPARC T2+ kernel modules in Sun Solaris 10, and OpenSolaris before snv_93, allows local users to cause a denial of service (panic) via unspecified vectors, probably related to core files.
28 CVE-2008-2706 399 DoS 2008-06-16 2009-03-04
4.9
None Local Low Not required None None Complete
Unspecified vulnerability in the event port implementation in Sun Solaris 10 allows local users to cause a denial of service (panic) by submitting and retrieving user-defined events, probably related to a NULL dereference.
29 CVE-2008-2552 399 DoS 2008-06-05 2010-06-13
4.9
None Local Low Not required None None Complete
Unspecified vulnerability in the Service Tag Registry on Sun Solaris 10, and Sun Service Tag before 1.1.3, allows local users to cause a denial of service (disk consumption) via unspecified vectors.
30 CVE-2008-2418 362 DoS 2008-05-23 2009-03-13
4.7
None Local Medium Not required None None Complete
Race condition in the STREAMS Administrative Driver (sad) in Sun Solaris 10 allows local users to cause a denial of service (panic) via unknown vectors.
31 CVE-2008-2144 DoS Exec Code 2008-05-12 2009-04-02
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in Solaris print service for Sun Solaris 8, 9, and 10 allow remote attackers to cause a denial of service or execute arbitrary code via unknown vectors.
32 CVE-2008-2121 16 DoS 2008-05-09 2008-09-05
7.8
None Remote Low Not required None None Complete
The TCP implementation in Sun Solaris 8, 9, and 10 allows remote attackers to cause a denial of service (CPU consumption and new connection timeouts) via a TCP SYN flood attack.
33 CVE-2008-2090 399 DoS 2008-05-06 2009-04-08
7.8
None Remote Low Not required None None Complete
Unspecified vulnerability in the SCTP protocol implementation in Sun Solaris 10 allows remote attackers to cause a denial of service (CPU consumption and network traffic amplification) via a crafted SCTP packet.
34 CVE-2008-2089 16 DoS 2008-05-06 2009-03-04
7.8
None Remote Low Not required None None Complete
Unspecified vulnerability in the SCTP protocol implementation in Sun Solaris 10 allows remote attackers to cause a denial of service (panic) via a crafted SCTP packet.
35 CVE-2008-1779 399 DoS 2008-04-14 2009-03-04
6.8
None Remote Low Single system None None Complete
Sun Solaris 8, 9, and 10 allows "remote privileged" users to cause a denial of service (panic) via unknown vectors related to self encapsulated IP packets.
36 CVE-2008-1778 16 DoS 2008-04-14 2009-03-04
6.6
None Local Low Not required None Complete Complete
Unspecified vulnerability in the floating point context switch implementation in Sun Solaris 9 and 10 on x86 platforms might allow local users to cause a denial of service (application exit), corrupt data, or trigger incorrect calculations via unknown vectors.
37 CVE-2008-1756 DoS 2008-04-11 2008-09-05
4.9
None Local Low Not required None None Complete
Unspecified vulnerability in the Qmaster daemon in Sun N1 Grid Engine 6.1 allows local users to cause a denial of service (daemon crash) via unspecified vectors.
38 CVE-2008-1480 1 DoS 2008-03-24 2010-08-21
4.3
None Remote Medium Not required None None Partial
rpc.metad in Sun Solaris 10 allows remote attackers to cause a denial of service (daemon crash) via a malformed RPC request.
39 CVE-2008-1317 DoS 2008-03-13 2008-09-05
4.9
None Local Low Not required None None Complete
Unspecified vulnerability in the Inter-Process Communication (IPC) message queue subsystem in Sun Solaris 10 allows local users to cause a denial of service (reboot) via blocked I/O message queues.
40 CVE-2008-1205 DoS 2008-03-07 2008-09-05
4.9
None Local Low Not required None None Complete
Unspecified vulnerability in the ipsecah kernel module in Sun Solaris 10, when a key management daemon for IPsec security associations is running, allows local users to cause a denial of service (panic) via unspecified vectors.
41 CVE-2008-1194 DoS 2008-03-06 2010-08-21
4.3
None Remote Medium Not required None None Partial
Multiple unspecified vulnerabilities in the color management library in Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier, allows remote attackers to cause a denial of service (crash) via unknown vectors.
42 CVE-2008-1187 264 DoS Exec Code 2008-03-06 2011-04-07
6.8
None Remote Medium Not required Partial Partial Partial
Unspecified vulnerability in Sun Java Runtime Environment (JRE) and JDK 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers to cause a denial of service (JRE crash) and possibly execute arbitrary code via unknown vectors related to XSLT transforms.
43 CVE-2008-1115 78 DoS 2008-03-03 2008-09-05
4.9
None Local Low Not required None None Complete
Unspecified vulnerability in Sun Solaris 8 directory functions allows local users to cause a denial of service (panic) via an unspecified sequence of system calls or commands.
44 CVE-2008-1095 264 DoS Bypass 2008-02-29 2008-09-05
6.8
None Remote Low Single system None None Complete
Unspecified vulnerability in the Internet Protocol (IP) implementation in Sun Solaris 8, 9, and 10 allows remote attackers to bypass intended firewall policies or cause a denial of service (panic) via unknown vectors, possibly related to ICMP packets and IP fragment reassembly.
45 CVE-2008-0933 362 DoS 2008-02-25 2008-09-05
4.7
None Local Medium Not required None None Complete
Multiple race conditions in the CPU Performance Counters (cpc) subsystem in the kernel in Sun Solaris 10 allow local users to cause a denial of service (panic) via unspecified vectors related to kcpc_unbind and kcpc_restore.
46 CVE-2008-0836 DoS 2008-02-20 2008-09-05
4.9
None Local Low Not required None None Complete
Unspecified vulnerability in the vuidmice STREAMS modules in Sun Solaris 9 and 10 on x86 architectures allows local users to cause a denial of service (panic) via unspecified vectors that trigger a NULL pointer dereference in the vuid3ps2 module, a different issue than CVE-2007-5319.
47 CVE-2008-0718 20 DoS 2008-02-11 2008-09-05
4.7
None Local Medium Not required None None Complete
Unspecified vulnerability in the USB Mouse STREAMS module (usbms) in Sun Solaris 9 and 10, when 64-bit mode is enabled, allows local users to cause a denial of service (panic) via unspecified vectors.
48 CVE-2008-0628 264 DoS 2008-02-06 2010-08-21
7.8
None Remote Medium Not required None Partial Complete
The XML parsing code in Sun Java Runtime Environment JDK and JRE 6 Update 3 and earlier processes external entity references even when the "external general entities" property is false, which allows remote attackers to conduct XML external entity (XXE) attacks and cause a denial of service or access restricted resources.
49 CVE-2008-0269 DoS 2008-01-15 2008-09-05
4.9
None Local Low Not required None None Complete
Unspecified vulnerability in the dotoprocs function in Sun Solaris 10 allows local users to cause a denial of service (panic) via unspecified vectors.
50 CVE-2007-5747 189 DoS Exec Code Overflow 2008-04-17 2011-10-11
6.8
User Remote Medium Not required Partial Partial Partial
Integer underflow in OpenOffice.org before 2.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Quattro Pro (QPRO) file with crafted values that trigger an excessive loop and a stack-based buffer overflow.
Total number of vulnerabilities : 51   Page : 1 (This Page)2
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.