CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

SUN » Solaris » 9.0 Sparc : Security Vulnerabilities

Cpe Name:cpe:/o:sun:solaris:9.0::sparc
Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2009-2711 200 +Info 2009-08-07 2017-09-18
4.9
None Local Low Not required Complete None None
XScreenSaver in Sun Solaris 9 and 10, OpenSolaris before snv_120, and X11 6.4.1 for Solaris 8, when the Xorg or Xnewt server is used, allows physically proximate attackers to obtain sensitive information by reading popup windows, which are displayed even when the screen is locked, a different vulnerability than CVE-2009-1276.
2 CVE-2009-2644 362 DoS 2009-07-29 2017-09-18
4.9
None Local Low Not required None None Complete
Race condition in the Solaris Auditing subsystem in Sun Solaris 9 and 10 and OpenSolaris before snv_121, when extended file attributes are used, allows local users to cause a denial of service (panic) via vectors related to "pathnames for invalid fds."
3 CVE-2008-3870 189 Exec Code Overflow 2009-05-26 2018-10-11
10.0
None Remote Low Not required Complete Complete Complete
Integer overflow in sadmind in Sun Solaris 8 and 9 allows remote attackers to execute arbitrary code via a crafted RPC request that triggers a heap-based buffer overflow, related to improper memory allocation.
4 CVE-2008-3869 119 Exec Code Overflow 2009-05-26 2018-10-11
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in sadmind in Sun Solaris 8 and 9 allows remote attackers to execute arbitrary code via a crafted RPC request, related to improper decoding of request parameters.
5 CVE-2007-6180 362 DoS 2007-11-29 2017-07-28
7.6
None Local Network Medium Not required Partial Complete Complete
Race condition in the Remote Procedure Call kernel module (rpcmod) in Sun Solaris 8 through 10 allows local users to cause a denial of service (NULL dereference and panic) via unspecified vectors.
6 CVE-2007-5632 DoS 2007-10-23 2017-09-28
4.9
None Local Low Not required None None Complete
Multiple unspecified vulnerabilities in the kernel in Sun Solaris 8 through 10 allow local users to cause a denial of service (panic), related to the support for retrieval of kernel statistics, and possibly related to the sfmmu_mlspl_enter or sfmmu_mlist_enter functions.
7 CVE-2007-5462 20 DoS 2007-10-15 2017-07-28
7.8
None Remote Low Not required None None Complete
Unspecified vulnerability in the Sun Solaris RPC services library (librpcsvc) on Solaris 8 through 10 allows remote attackers to cause a denial of service (mountd crash) via unspecified packets to a server that exports many filesystems, and allows local users to cause a denial of service (automountd crash) via unspecified requests to mount filesystems from a server that exports many filesystems.
8 CVE-2007-5365 119 DoS Exec Code Overflow 2007-10-11 2018-10-15
7.2
None Local Low Not required Complete Complete Complete
Stack-based buffer overflow in the cons_options function in options.c in dhcpd in OpenBSD 4.0 through 4.2, and some other dhcpd implementations based on ISC dhcp-2, allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a DHCP request specifying a maximum message size smaller than the minimum IP MTU.
9 CVE-2007-5132 362 DoS 2007-09-27 2017-09-28
4.9
None Local Low Not required None None Complete
Race condition in the kernel in Sun Solaris 8 through 10 allows local users to cause a denial of service (panic) via unspecified vectors related to "the handling of thread contexts."
10 CVE-2007-5118 DoS 2007-09-27 2017-09-28
4.7
None Local Medium Not required None None Complete
Unspecified vulnerability in the HID (Human Interface Device) class driver in Sun Solaris 8, 9, and 10 before 20070925 allows local users to cause a denial of service (panic) via unspecified vectors.
11 CVE-2007-4732 20 DoS 2007-09-06 2017-09-28
4.9
None Local Low Not required None None Complete
Unspecified vulnerability in the strfreectty function in the Special File System (SPECFS) in Sun Solaris 8 through 10 allows local users to cause a denial of service (system panic), related to passing a NULL pointer to the pgsignal function.
12 CVE-2007-4070 2007-07-30 2017-09-28
4.9
None Local Low Not required Complete None None
Unspecified vulnerability in Low Bandwidth X proxy (lbxproxy) on Sun Solaris 8 through 10 before 20070725 allows local users to read arbitrary files with root group ownership via unknown vectors.
13 CVE-2007-3471 Exec Code Overflow 2007-06-28 2017-09-28
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in the dtsession Common Desktop Environment (CDE) Session Manager in Sun Solaris 8, 9, and 10 allows local users to execute arbitrary code via unspecified vectors.
14 CVE-2007-3458 DoS 2007-06-27 2017-10-10
4.9
None Local Low Not required None None Complete
The libsldap library in Sun Solaris 8, 9, and 10 allows local users to cause a denial of service (Name Service Caching Daemon (nscd) crash) via unspecified vectors.
15 CVE-2007-3283 2007-06-19 2017-10-10
6.8
Admin Local Low Single system Complete Complete Complete
GNOME XScreenSaver in Sun Solaris 8 and 9 before 20070417, when root is logged into the console, does not automatically lock the screen after a session has been inactive, which might allow physically proximate attackers to access the console.
16 CVE-2007-2989 DoS 2007-06-01 2017-10-10
7.8
None Remote Low Not required None None Complete
The libike library in Sun Solaris 9 before 20070529 contains a logic error related to a certain pointer, which allows remote attackers to cause a denial of service (in.iked daemon crash) by sending certain UDP packets with a source port different from 500. NOTE: this issue might overlap CVE-2006-2298.
17 CVE-2007-0895 2007-02-12 2018-10-30
2.6
None Local High Not required None Partial Partial
Race condition in recursive directory deletion with the (1) -r or (2) -R option in rm in Solaris 8 through 10 before 20070208 allows local users to delete files and directories as the user running rm by moving a low-level directory to a higher level as it is being deleted, which causes rm to chdir to a ".." directory that is higher than expected, possibly up to the root file system, a related issue to CVE-2002-0435.
18 CVE-2007-0503 Exec Code 2007-01-25 2018-10-30
6.9
Admin Local Medium Not required Complete Complete Complete
Unspecified vulnerability in kcms_calibrate in Sun Solaris 8 and 9 before 20071122 allows local users to execute arbitrary commands via unknown vectors.
19 CVE-2007-0470 +Priv 2007-01-23 2018-10-30
7.2
Admin Local Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in tip in Sun Solaris 8, 9, and 10 allow local users to gain uucp account privileges via unspecified vectors.
20 CVE-2007-0393 +Priv 2007-01-19 2018-10-16
4.6
User Local Low Not required Partial Partial Partial
Sun Solaris 9 does not properly verify the status of file descriptors before setuid execution, which allows local users to gain privileges by closing file descriptor 0, 1, or 2 and then invoking a setuid program, a variant of CVE-2002-0572.
21 CVE-2007-0165 DoS 2007-01-09 2018-10-30
7.8
None Remote Low Not required None None Complete
Unspecified vulnerability in libnsl in Sun Solaris 8 and 9 allows remote attackers to cause a denial of service (crash) via malformed RPC requests that trigger a crash in rpcbind.
22 CVE-2006-7028 DoS 2007-02-22 2018-10-30
7.8
None Remote Low Not required None None Complete
Single CPU Sun systems running Solaris 7, 8, or 9, such as Netra, allows remote attackers to cause a denial of service (console hang) via a flood of small TCP/IP packets. NOTE: this issue has not been replicated by third parties. In addition, the cause is unknown, although it might be related to "jabber" and generation of a large amount of interrupts within the console, or a hardware error.
23 CVE-2006-6495 Exec Code Overflow 2006-12-12 2018-10-30
6.6
Admin Local Medium Single system Complete Complete Complete
Stack-based buffer overflow in ld.so.1 in Sun Solaris 8, 9, and 10 allows local users to execute arbitrary code via large precision padding values in a format string specifier in the format parameter of the doprf function. NOTE: this issue normally does not cross privilege boundaries, except in cases of external introduction of malicious message files, or if it is leveraged with other vulnerabilities such as CVE-2006-6494.
24 CVE-2006-6494 Exec Code Dir. Trav. 2006-12-12 2018-10-30
6.6
Admin Local Medium Single system Complete Complete Complete
Directory traversal vulnerability in ld.so.1 in Sun Solaris 8, 9, and 10 allows local users to execute arbitrary code via a .. (dot dot) sequence in the LANG environment variable that points to a locale file containing attacker-controlled format string specifiers.
25 CVE-2006-6275 362 DoS 2006-12-04 2018-10-30
4.7
None Local Medium Not required None None Complete
Race condition in the kernel in Sun Solaris 8 through 10 allows local users to cause a denial of service (panic) via unspecified vectors, possibly related to the exitlwps function and SIGKILL and /proc PCAGENT signals.
26 CVE-2006-5215 2006-10-10 2018-10-30
2.6
None Local High Not required Partial Partial None
The Xsession script, as used by X Display Manager (xdm) in NetBSD before 20060212, X.Org before 20060317, and Solaris 8 through 10 before 20061006, allows local users to overwrite arbitrary files, or read another user's Xsession errors file, via a symlink attack on a /tmp/xses-$USER file.
27 CVE-2006-5214 2006-10-10 2018-10-30
1.2
None Local High Not required Partial None None
Race condition in the Xsession script, as used by X Display Manager (xdm) in NetBSD before 20060212, X.Org before 20060225, and Solaris 8 through 10 before 20061006, causes a user's Xsession errors file to have weak permissions before a chmod is performed, which allows local users to read Xsession errors files of other users.
28 CVE-2006-5073 DoS 2006-09-28 2018-10-30
7.8
None Remote Low Not required None None Complete
Unspecified vulnerability in Sun Solaris 8, 9 and 10 allows remote attackers to cause a denial of service (panic) via crafted IPv6 packets, a different vulnerability than CVE-2006-5013.
29 CVE-2006-5012 DoS 2006-09-26 2018-10-30
6.6
None Local Low Not required None Complete Complete
Unspecified vulnerability in Sun Solaris 8, 9, and 10 before 20060925 allows local users to cause a denial of service (disable syslog) and prevent security messages from being logged via unspecified vectors.
30 CVE-2006-4655 Overflow +Priv 2006-09-08 2018-10-17
4.6
User Local Low Not required Partial Partial Partial
Buffer overflow in the Strcmp function in the XKEYBOARD extension in X Window System X11R6.4 and earlier, as used in SCO UnixWare 7.1.3 and Sun Solaris 8 through 10, allows local users to gain privileges via a long _XKB_CHARSET environment variable value.
31 CVE-2006-4319 Exec Code Overflow 2006-08-23 2018-10-30
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in the format command in Solaris 8, 9, and 10 allows local users with access to format (such as the "File System Management" RBAC profile) to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2006-4307.
32 CVE-2006-4307 2006-08-23 2018-10-30
7.2
Admin Local Low Not required Complete Complete Complete
Unspecified vulnerability in the format command in Sun Solaris 8 and 9 before 20060821 allows local users to modify arbitrary files via unspecified vectors involving profiles that permit running format with elevated privileges, a different issue than CVE-2006-4306 and CVE-2006-4319.
33 CVE-2006-4306 Exec Code 2006-08-23 2018-10-30
7.2
Admin Local Low Not required Complete Complete Complete
Unspecified vulnerability in Sun Solaris 8 and 9 before 20060821 allows local users to execute arbitrary commands via unspecified vectors, involving the default Role-Based Access Control (RBAC) settings in the "File System Management" profile.
34 CVE-2006-3920 DoS 2006-07-28 2018-10-30
5.0
None Remote Low Not required None None Partial
The TCP implementation in Sun Solaris 8, 9, and 10 before 20060726 allows remote attackers to cause a denial of service (resource exhaustion) via a TCP packet with an incorrect sequence number, which triggers an ACK storm.
35 CVE-2006-3664 DoS 2006-07-18 2018-10-30
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in NIS server on Sun Solaris 8, 9, and 10 allows local and remote attackers to cause a denial of service (ypserv hang) via unknown vectors.
36 CVE-2006-3606 DoS 2006-07-18 2018-10-30
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in Sun Solaris X Inter Client Exchange library (libICE) on Solaris 8 and 9 allows context-dependent attackers to cause a denial of service (application crash) to applications that use the library.
37 CVE-2006-1782 2006-04-13 2018-10-30
2.1
None Local Low Not required Partial None None
Unspecified vulnerability in Solaris 8 and 9 allows local users to obtain the LDAP Directory Server root Distinguished Name (rootDN) password when a privileged user (1) runs idsconfig; or "insecurely" runs LDAP2 commands with the -w option, including (2) ldapadd, (3) ldapdelete, (4) ldapmodify, (5) ldapmodrdn, and (6) ldapsearch.
38 CVE-2006-1780 DoS 2006-04-13 2018-10-30
2.1
None Local Low Not required None None Partial
The Bourne shell (sh) in Solaris 8, 9, and 10 allows local users to cause a denial of service (sh crash) via an unspecified attack vector that causes sh processes to crash during creation of temporary files.
39 CVE-2006-1092 DoS 2006-03-09 2018-10-30
2.1
None Local Low Not required None None Partial
Unspecified vulnerability in the pagedata subsystem of the process file system (/proc) in Solaris 8 through 10 allows local users to cause a denial of service (system hang or panic) via unknown attack vectors that cause cause the kmem_oversize arena to allocate a large amount of system memory that does not get freed.
40 CVE-2006-0901 DoS Exec Code 2006-02-27 2018-10-30
7.2
Admin Local Low Not required Complete Complete Complete
Unspecified vulnerability in the hsfs filesystem in Solaris 8, 9, and 10 allows unspecified attackers to cause a denial of service (panic) or execute arbitrary code.
41 CVE-2006-0227 2006-01-17 2018-10-30
2.6
None Local High Not required None Partial Partial
Multiple unspecified vulnerabilities in lpsched in Sun Solaris 8, 9, and 10 allow local users to delete arbitrary files or disable the LP print service via unknown attack vectors.
42 CVE-2006-0190 DoS +Priv 2006-01-13 2017-10-10
7.2
Admin Local Low Not required Complete Complete Complete
Unspecified vulnerability in Sun Solaris 9 and 10 for the x86 platform allows local users to gain privileges or cause a denial of service (panic) via unspecified vectors, possibly involving functions from the mm driver.
43 CVE-2006-0161 2006-01-10 2018-10-30
4.6
User Local Low Not required Partial Partial Partial
Unspecified vulnerability in uucp in Sun Solaris 8 and 9 has unknown impact and attack vectors. NOTE: due to the vagueness of the vendor advisory, it is not clear whether this is related to CVE-2004-0780.
44 CVE-2005-4797 Dir. Trav. 2005-12-31 2018-10-30
5.0
None Remote Low Not required None Partial None
Directory traversal vulnerability in printd line printer daemon (lpd) in Solaris 7 through 10 allows remote attackers to delete arbitrary files via ".." sequences in an "Unlink data file" command.
45 CVE-2005-4796 2005-12-31 2018-10-30
3.6
None Local Low Not required None Partial Partial
Unspecified vulnerability in the XView library (libxview.so) in Solaris 2.5 to 10 allows local users to corrupt files via unknown vectors related to the handling of the clipboard selection while an XView application exits.
46 CVE-2005-3674 DoS 2005-11-18 2008-09-05
7.8
None Remote Low Not required None None Complete
The Internet Key Exchange version 1 (IKEv1) implementation in the libike library in Sun Solaris 9 and 10 allows remote attackers to cause a denial of service (in.iked crash) via certain crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of details in the advisory, it is unclear which of CVE-2005-3666, CVE-2005-3667, and/or CVE-2005-3668 this issue applies to.
47 CVE-2005-3398 200 +Info 2005-11-01 2018-10-30
4.3
None Remote Medium Not required Partial None None
The default configuration of the web server for the Solaris Management Console (SMC) in Solaris 8, 9, and 10 enables the HTTP TRACE method, which could allow remote attackers to obtain sensitive information such as cookies and authentication data from HTTP headers.
48 CVE-2005-3099 Exec Code 2005-09-28 2018-10-30
4.6
User Local Low Not required Partial Partial Partial
Unspecified vulnerability in the (1) Xsun and (2) Xprt commands in Solaris 7, 8, 9, and 10 allows local users to execute arbitrary code.
49 CVE-2005-3071 DoS 2005-09-27 2018-10-30
2.1
None Local Low Not required None None Partial
Unspecified vulnerability in Unix File System (UFS) on Solaris 8 and 9, when logging is enabled, allows local users to cause a denial of service ("soft hang") via certain write operations to UFS.
50 CVE-2005-2072 264 +Priv 2005-06-29 2018-10-30
7.2
Admin Local Low Not required Complete Complete Complete
The runtime linker (ld.so) in Solaris 8, 9, and 10 trusts the LD_AUDIT environment variable in setuid or setgid programs, which allows local users to gain privileges by (1) modifying LD_AUDIT to reference malicious code and possibly (2) using a long value for LD_AUDIT.
Total number of vulnerabilities : 134   Page : 1 (This Page)2 3
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.