CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

SUN » Solaris » 10 * Sparc * : Security Vulnerabilities Published In 2008

Cpe Name:cpe:2.3:o:sun:solaris:10:*:sparc:*:*:*:*:*
Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2008-5690 255 DoS 2008-12-19 2017-09-29
2.1
None Local Low Not required None None Partial
The Kerberos credential renewal feature in Sun Solaris 8, 9, and 10, and OpenSolaris build snv_01 through snv_104, allows local users to cause a denial of service (authentication failure) via unspecified vectors related to incorrect cache file permissions, and lack of credential storage by the store_cred function in pam_krb5.
2 CVE-2008-5684 399 DoS 2008-12-19 2017-09-29
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in the X Inter Client Exchange library (aka libICE) in Sun Solaris 8 through 10 and OpenSolaris before snv_85 allows context-dependent attackers to cause a denial of service (application crash), as demonstrated by a port scan that triggers a segmentation violation in the Gnome session manager (aka gnome-session).
3 CVE-2008-5661 399 DoS 2008-12-17 2017-08-08
5.4
None Remote High Not required None None Complete
The IPv4 Forwarding feature in Sun Solaris 10 and OpenSolaris snv_47 through snv_82, with certain patches installed, allows remote attackers to cause a denial of service (panic) via unknown vectors that trigger a NULL pointer dereference.
4 CVE-2008-5550 2008-12-12 2018-10-30
4.3
None Remote Medium Not required None Partial None
Open redirect vulnerability in console/faces/jsp/login/BeginLogin.jsp in Sun Java Web Console 3.0.2 through 3.0.5 and Solaris 10 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the redirect_url parameter.
5 CVE-2008-5133 264 Bypass 2008-11-18 2017-08-08
5.8
None Remote Medium Not required None Partial Partial
ipnat in IP Filter in Sun Solaris 10 and OpenSolaris before snv_96, when running on a DNS server with Network Address Translation (NAT) configured, improperly changes the source port of a packet when the destination port is the DNS port, which allows remote attackers to bypass an intended CVE-2008-1447 protection mechanism and spoof the responses to DNS queries sent by named.
6 CVE-2008-5010 DoS 2008-11-10 2017-09-29
10.0
None Remote Low Not required Complete Complete Complete
in.dhcpd in the DHCP implementation in Sun Solaris 8 through 10, and OpenSolaris before snv_103, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via unknown DHCP requests related to the "number of offers," aka Bug ID 6713805.
7 CVE-2008-4160 399 DoS 2008-09-22 2017-09-29
4.7
None Local Medium Not required None None Complete
Unspecified vulnerability in the UFS module in Sun Solaris 8 through 10 and OpenSolaris allows local users to cause a denial of service (NULL pointer dereference and kernel panic) via unknown vectors related to the Solaris Access Control List (ACL) implementation.
8 CVE-2008-4131 264 +Priv 2008-09-19 2017-09-29
7.2
None Local Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in Sun Solaris 8 through 10 allow local users to gain privileges via vectors related to handling of tags with (1) the -t option and (2) the :tag command in the (a) vi, (b) ex, (c) vedit, (d) view, and (e) edit programs.
9 CVE-2008-3875 264 Bypass 2008-09-02 2017-09-29
7.2
None Local Low Not required Complete Complete Complete
The kernel in Sun Solaris 8 through 10 and OpenSolaris before snv_90 allows local users to bypass chroot, zones, and the Solaris Trusted Extensions multi-level security policy, and establish a covert communication channel, via unspecified vectors involving system calls.
10 CVE-2008-3839 DoS 2008-08-27 2017-08-08
4.7
None Local Medium Not required None None Complete
Unspecified vulnerability in the NFS module in the kernel in Sun Solaris 10 and OpenSolaris snv_59 through snv_87, when configured as an NFS server without the nodevices option, allows local users to cause a denial of service (panic) via unspecified vectors.
11 CVE-2008-3838 20 DoS 2008-08-27 2017-08-08
7.2
None Local Low Not required Complete Complete Complete
Unspecified vulnerability in the NFS Remote Procedure Calls (RPC) zones implementation in Sun Solaris 10 and OpenSolaris before snv_88 allows local administrators of non-global zones to read and modify NFS traffic for arbitrary non-global zones, possibly leading to file modifications or a denial of service.
12 CVE-2008-3666 DoS 2008-08-13 2018-10-30
7.1
None Remote Medium Not required None None Complete
Unspecified vulnerability in Sun Solaris 10 and OpenSolaris before snv_96 allows (1) context-dependent attackers to cause a denial of service (panic) via vectors involving creation of a crafted file and use of the sendfilev system call, as demonstrated by a file served by an Apache 2.2.x web server with EnableSendFile configured; and (2) local users to cause a denial of service (panic) via a call to the sendfile system call, as reachable through the sendfilev library.
13 CVE-2008-3549 399 DoS 2008-08-07 2017-09-29
4.7
None Local Medium Not required None None Complete
Unspecified vulnerability in the pthread_mutex_reltimedlock_np API in Sun Solaris 10 and OpenSolaris before snv_90 allows local users to cause a denial of service (system hang or panic) via unknown vectors.
14 CVE-2008-3426 DoS 2008-07-31 2018-10-30
2.1
None Local Low Not required None None Partial
Unspecified vulnerability in the Solaris Platform Information and Control Library daemon (picld) in Sun Solaris 8 through 10, and OpenSolaris builds snv_01 through snv_95, allows local users to cause a denial of service via unknown vectors that prevent operation of utilities such as prtdiag, prtpicl, and prtfru.
15 CVE-2008-2706 399 DoS 2008-06-16 2017-09-29
4.9
None Local Low Not required None None Complete
Unspecified vulnerability in the event port implementation in Sun Solaris 10 allows local users to cause a denial of service (panic) by submitting and retrieving user-defined events, probably related to a NULL dereference.
16 CVE-2008-2538 362 2008-06-03 2017-09-29
6.9
None Local Medium Not required Complete Complete Complete
Unspecified vulnerability in crontab on Sun Solaris 8 through 10, and OpenSolaris before snv_93, allows local users to insert cron jobs into the crontab files of arbitrary users via unspecified vectors.
17 CVE-2008-2418 362 DoS 2008-05-23 2017-09-29
4.7
None Local Medium Not required None None Complete
Race condition in the STREAMS Administrative Driver (sad) in Sun Solaris 10 allows local users to cause a denial of service (panic) via unknown vectors.
18 CVE-2008-2090 399 DoS 2008-05-06 2017-09-29
7.8
None Remote Low Not required None None Complete
Unspecified vulnerability in the SCTP protocol implementation in Sun Solaris 10 allows remote attackers to cause a denial of service (CPU consumption and network traffic amplification) via a crafted SCTP packet.
19 CVE-2008-2089 16 DoS 2008-05-06 2017-09-29
7.8
None Remote Low Not required None None Complete
Unspecified vulnerability in the SCTP protocol implementation in Sun Solaris 10 allows remote attackers to cause a denial of service (panic) via a crafted SCTP packet.
20 CVE-2008-1780 264 Bypass 2008-04-14 2017-08-08
4.6
None Local Low Not required Partial Partial Partial
Unspecified vulnerability in the labeled networking functionality in Solaris 10 Trusted Extensions allows applications in separate labeling zones to bypass labeling restrictions via unknown vectors.
21 CVE-2008-1779 399 DoS 2008-04-14 2017-09-29
6.8
None Remote Low ??? None None Complete
Sun Solaris 8, 9, and 10 allows "remote privileged" users to cause a denial of service (panic) via unknown vectors related to self encapsulated IP packets.
22 CVE-2008-1684 362 2008-04-06 2017-09-29
4.7
None Local Medium Not required None None Complete
inetd on Sun Solaris 10, when debug logging is enabled, allows local users to write to arbitrary files via a symlink attack on the /var/tmp/inetd.log temporary file.
23 CVE-2008-1356 287 Bypass 2008-03-17 2017-08-08
6.3
None Local Medium Not required None Complete Complete
Unspecified vulnerability in xscreensaver in Sun Solaris 10 Java Desktop System (JDS), when using the GNOME On-Screen Keyboard (GOK), allows local users to bypass authentication via unknown vectors that cause the screen saver to crash.
24 CVE-2008-1317 DoS 2008-03-13 2017-08-08
4.9
None Local Low Not required None None Complete
Unspecified vulnerability in the Inter-Process Communication (IPC) message queue subsystem in Sun Solaris 10 allows local users to cause a denial of service (reboot) via blocked I/O message queues.
25 CVE-2008-1205 DoS 2008-03-08 2017-08-08
4.9
None Local Low Not required None None Complete
Unspecified vulnerability in the ipsecah kernel module in Sun Solaris 10, when a key management daemon for IPsec security associations is running, allows local users to cause a denial of service (panic) via unspecified vectors.
26 CVE-2008-0965 134 Exec Code 2008-08-08 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Multiple format string vulnerabilities in snoop on Sun Solaris 8 through 10 and OpenSolaris before snv_96, when the -o option is omitted, allow remote attackers to execute arbitrary code via format string specifiers in an SMB packet.
27 CVE-2008-0964 119 Exec Code Overflow 2008-08-08 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Multiple stack-based buffer overflows in snoop on Sun Solaris 8 through 10 and OpenSolaris before snv_96, when the -o option is omitted, allow remote attackers to execute arbitrary code via a crafted SMB packet.
28 CVE-2008-0938 200 +Info 2008-02-25 2017-09-29
4.7
None Local Medium Not required Complete None None
Unspecified vulnerability in the dynamic tracing framework (DTrace) in Sun Solaris 10 allows local users with PRIV_DTRACE_USER or PRIV_DTRACE_PROC privileges to obtain sensitive kernel information via unspecified vectors, a different vulnerability than CVE-2007-4126.
29 CVE-2008-0718 20 DoS 2008-02-12 2017-09-29
4.7
None Local Medium Not required None None Complete
Unspecified vulnerability in the USB Mouse STREAMS module (usbms) in Sun Solaris 9 and 10, when 64-bit mode is enabled, allows local users to cause a denial of service (panic) via unspecified vectors.
Total number of vulnerabilities : 29   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.