CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

SUN » Solaris » 2.6 : Security Vulnerabilities

Cpe Name:cpe:/o:sun:solaris:2.6
Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2005-4796 2005-12-31 2018-10-30
3.6
None Local Low Not required None Partial Partial
Unspecified vulnerability in the XView library (libxview.so) in Solaris 2.5 to 10 allows local users to corrupt files via unknown vectors related to the handling of the clipboard selection while an XView application exits.
2 CVE-2004-2686 22 Dir. Trav. 2004-12-31 2018-10-30
7.2
Admin Local Low Not required Complete Complete Complete
Directory traversal vulnerability in the vfs_getvfssw function in Solaris 2.6, 7, 8, and 9 allows local users to load arbitrary kernel modules via crafted (1) mount or (2) sysfs system calls. NOTE: this might be the same issue as CVE-2004-1767, but there are insufficient details to be sure.
3 CVE-2004-1767 264 +Priv 2004-12-31 2018-10-30
7.2
Admin Local Low Not required Complete Complete Complete
The kernel in Solaris 2.6, 7, 8, and 9 allows local users to gain privileges by loading arbitrary loadable kernel modules (LKM), possibly involving the modload function.
4 CVE-2004-1393 DoS 2004-12-31 2018-10-30
5.0
None Remote Low Not required None None Partial
Unknown vulnerability in the tcsetattr function for Sun Solaris for SPARC 2.6, 7, and 8 allows local users to cause a denial of service (system hang).
5 CVE-2004-1359 Exec Code Overflow 2004-03-04 2018-10-30
4.6
User Local Low Not required Partial Partial Partial
Multiple buffer overflows in uucp for Sun Solaris 2.6, 7, 8, and 9 allow local users to execute arbitrary code as the uucp user.
6 CVE-2003-1082 Overflow +Priv 2003-12-31 2018-10-30
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in utmp_update for Solaris 2.6 through 9 allows local users to gain root privileges, as identified by Sun BugID 4705891, a different vulnerability than CVE-2003-1068.
7 CVE-2003-1080 2003-02-11 2018-10-30
1.2
None Local High Not required Partial None None
Unknown vulnerability in mail for Solaris 2.6 through 9 allows local users to read the email of other users.
8 CVE-2003-1079 DoS 2003-02-18 2018-10-30
5.0
None Remote Low Not required None None Partial
Unknown vulnerability in UDP RPC for Solaris 2.5.1 through 9 for SPARC, and 2.5.1 through 8 for x86, allows remote attackers to cause a denial of service (memory consumption) via certain arguments in RPC calls that cause large amounts of memory to be allocated.
9 CVE-2003-1078 2003-02-28 2018-10-30
7.5
User Remote Low Not required Partial Partial Partial
The FTP client for Solaris 2.6, 7, and 8 with the debug (-d) flag enabled displays the user password on the screen during login.
10 CVE-2003-1075 DoS 2003-01-27 2018-10-30
5.0
None Remote Low Not required None None Partial
Unknown vulnerability in the FTP server (in.ftpd) for Solaris 2.6 through 9 allows remote attackers to cause a denial of service (temporary FTP server hang), which affects other active mode FTP clients.
11 CVE-2003-1073 2003-12-31 2018-10-30
1.2
None Local High Not required None Partial None
A race condition in the at command for Solaris 2.6 through 9 allows local users to delete arbitrary files via the -r argument with .. (dot dot) sequences in the job name, then modifying the directory structure after at checks permissions to delete the file and before the deletion actually takes place.
12 CVE-2003-1071 2003-01-03 2018-10-30
2.1
None Local Low Not required None Partial None
rpc.walld (wall daemon) for Solaris 2.6 through 9 allows local users to send messages to logged on users that appear to come from arbitrary user IDs by closing stderr before executing wall, then supplying a spoofed from header.
13 CVE-2003-1070 DoS 2003-04-28 2018-10-30
5.0
None Remote Low Not required None None Partial
Unknown vulnerability in rpcbind for Solaris 2.6 through 9 allows remote attackers to cause a denial of service (rpcbind crash).
14 CVE-2003-1069 DoS 2003-06-03 2018-10-30
5.0
None Remote Low Not required None None Partial
The Telnet daemon (in.telnetd) for Solaris 2.6 through 9 allows remote attackers to cause a denial of service (CPU consumption by infinite loop).
15 CVE-2003-1068 Overflow +Priv 2003-06-06 2018-10-30
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in utmp_update for Solaris 2.6 through 9 allows local users to gain root privileges, as identified by Sun BugID 4659277, a different vulnerability than CVE-2003-1082.
16 CVE-2003-1067 Overflow +Priv 2003-06-19 2018-10-30
7.2
Admin Local Low Not required Complete Complete Complete
Multiple buffer overflows in the (1) dbm_open function, as used in ndbm and dbm, and the (2) dbminit function in Solaris 2.6 through 9 allow local users to gain root privileges via long arguments to Xsun or other programs that use these functions.
17 CVE-2003-1066 DoS Exec Code Overflow 2003-12-31 2018-10-30
5.0
None Remote Low Not required None None Partial
Buffer overflow in the syslog daemon for Solaris 2.6 through 9 allows remote attackers to cause a denial of service (syslogd crash) and possibly execute arbitrary code via long syslog UDP packets.
18 CVE-2003-1063 Bypass 2003-08-20 2018-10-30
7.5
None Remote Low Not required Partial Partial Partial
The patches (1) 105693-13, (2) 108800-02, (3) 105694-13, and (4) 108801-02 for cachefs on Solaris 2.6 and 7 overwrite the inetd.conf file, which may silently reenable services and allow remote attackers to bypass the intended security policy.
19 CVE-2003-1062 2003-10-15 2018-10-30
4.6
None Local Low Not required Partial Partial Partial
Unknown vulnerability in the sysinfo system call for Solaris for SPARC 2.6 through 9, and Solaris for x86 2.6, 7, and 8, allows local users to read kernel memory.
20 CVE-2003-1061 DoS 2003-10-14 2018-10-30
1.2
None Local High Not required None None Partial
Race condition in Solaris 2.6 through 9 allows local users to cause a denial of service (kernel panic), as demonstrated via the namefs function, pipe, and certain STREAMS routines.
21 CVE-2003-1059 2003-11-20 2018-10-30
7.2
Admin Local Low Not required Complete Complete Complete
Unknown vulnerability in the libraries for the PGX32 frame buffer in Solaris 2.5.1 and 2.6 through 9 allows local users to gain root access.
22 CVE-2003-1058 DoS 2003-12-03 2018-10-30
3.7
User Local High Not required Partial Partial Partial
The Xsun server for Sun Solaris 2.6 through 9, when running in Direct Graphics Access (DGA) mode, allows local users to cause a denial of service (Xsun crash) or to create or overwrite arbitrary files on the system, probably via a symlink attack on temporary server files.
23 CVE-2003-1057 Exec Code 2003-12-08 2018-10-30
7.2
Admin Local Low Not required Complete Complete Complete
Unknown vulnerability in CDE Print Viewer (dtprintinfo) for Sun Solaris 2.6 through 9 may allow local users to execute arbitrary code.
24 CVE-2003-1056 2003-12-11 2018-10-30
7.2
Admin Local Low Not required Complete Complete Complete
The ed editor for Sun Solaris 2.6, 7, and 8 allows local users to create or overwrite arbitrary files via a symlink attack on temporary files.
25 CVE-2003-0999 Exec Code 2004-01-05 2018-10-30
7.2
Admin Local Low Not required Complete Complete Complete
Unknown multiple vulnerabilities in (1) lpstat and (2) the libprint library in Solaris 2.6 through 9 may allow attackers to execute arbitrary code or read or write arbitrary files.
26 CVE-2003-0694 Exec Code Overflow 2003-10-06 2018-10-30
10.0
Admin Remote Low Not required Complete Complete Complete
The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks, as demonstrated using the parseaddr function in parseaddr.c.
27 CVE-2003-0669 DoS 2003-08-27 2018-10-30
1.2
None Local High Not required None None Partial
Unknown vulnerability in Solaris 2.6 through 9 causes a denial of service (system panic) via "a rare race condition" or an attack by local users.
28 CVE-2003-0609 Overflow +Priv 2003-08-27 2018-10-30
7.2
Admin Local Low Not required Complete Complete Complete
Stack-based buffer overflow in the runtime linker, ld.so.1, on Solaris 2.6 through 9 allows local users to gain root privileges via a long LD_PRELOAD environment variable.
29 CVE-2003-0201 Exec Code Overflow 2003-05-05 2018-10-30
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in the call_trans2open function in trans2.c for Samba 2.2.x before 2.2.8a, 2.0.10 and earlier 2.0.x versions, and Samba-TNG before 0.3.2, allows remote attackers to execute arbitrary code.
30 CVE-2003-0196 DoS Exec Code Overflow 2003-05-05 2018-10-30
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple buffer overflows in Samba before 2.2.8a may allow remote attackers to execute arbitrary code or cause a denial of service, as discovered by the Samba team and a different vulnerability than CVE-2003-0201.
31 CVE-2003-0161 DoS Exec Code Overflow 2003-04-02 2018-10-30
10.0
Admin Remote Low Not required Complete Complete Complete
The prescan() function in the address parser (parseaddr.c) in Sendmail before 8.12.9 does not properly handle certain conversions from char and int types, which can cause a length check to be disabled when Sendmail misinterprets an input value as a special "NOCHAR" control value, allowing attackers to cause a denial of service and possibly execute arbitrary code via a buffer overflow attack using messages, a different vulnerability than CVE-2002-1337.
32 CVE-2003-0092 Overflow +Priv 2003-04-02 2018-10-30
7.2
Admin Local Low Not required Complete Complete Complete
Heap-based buffer overflow in dtsession for Solaris 2.5.1 through Solaris 9 allows local users to gain root privileges via a long HOME environment variable.
33 CVE-2003-0091 1 Overflow +Priv 2003-04-02 2018-10-30
7.2
Admin Local Low Not required Complete Complete Complete
Stack-based buffer overflow in the bsd_queue() function for lpq on Solaris 2.6 and 7 allows local users to gain root privilege.
34 CVE-2003-0064 Exec Code 2003-03-03 2018-10-30
7.5
User Remote Low Not required Partial Partial Partial
The dtterm terminal emulator allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands.
35 CVE-2003-0028 Exec Code Overflow 2003-03-25 2018-10-30
7.5
User Remote Low Not required Partial Partial Partial
Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived from SunRPC, including libnsl, libc, glibc, and dietlibc, allows remote attackers to execute arbitrary code via certain integer values in length fields, a different vulnerability than CVE-2002-0391.
36 CVE-2003-0027 Dir. Trav. 2003-02-07 2018-10-30
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in Sun Kodak Color Management System (KCMS) library service daemon (kcms_server) allows remote attackers to read arbitrary files via the KCS_OPEN_PROFILE procedure.
37 CVE-2002-2203 2002-12-31 2018-10-30
4.9
None Local Low Not required Complete None None
Unknown vulnerability in the System Serial Console terminal in Solaris 2.5.1, 2.6, and 7 allows local users to monitor keystrokes and possibly steal sensitive information.
38 CVE-2002-1980 Exec Code Overflow 2002-12-31 2018-10-30
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in Volume Manager daemon (vold) of Sun Solaris 2.5.1 through 8 allows local users to execute arbitrary code via unknown attack vectors.
39 CVE-2002-1871 2002-12-31 2018-10-30
7.2
Admin Local Low Not required Complete Complete Complete
pkgadd in Sun Solaris 2.5.1 through 8 installs files setuid/setgid root if the pkgmap file contains a "?" (question mark) in the (1) mode, (2) owner, or (3) group fields, which allows attackers to elevate privileges.
40 CVE-2002-1587 DoS 2002-12-04 2018-10-30
2.1
None Local Low Not required None None Partial
The libthread library (libthread.so.1) for Solaris 2.5.1 through 8 allows local users to cause a denial of service (hang) of an application that uses libthread by causing the application to wait for a certain mutex.
41 CVE-2002-1586 DoS 2002-12-03 2018-10-30
2.1
None Local Low Not required None None Partial
Solaris 2.5.1 through 9 allows local users to cause a denial of service (kernel panic) by setting the sd_struiowrq variable in the struioget function to null, which triggers a null dereference.
42 CVE-2002-1584 +Priv 2002-12-27 2018-10-30
10.0
Admin Remote Low Not required Complete Complete Complete
Unknown vulnerability in the AUTH_DES authentication for RPC in Solaris 2.5.1, 2.6, and 7, SGI IRIX 6.5 to 6.5.19f, and possibly other platforms, allows remote attackers to gain privileges.
43 CVE-2002-1345 Dir. Trav. 2002-12-23 2018-10-30
5.0
None Remote Low Not required None Partial None
Directory traversal vulnerabilities in multiple FTP clients on UNIX systems allow remote malicious FTP servers to create or overwrite files as the client user via filenames containing /absolute/path or .. (dot dot) sequences.
44 CVE-2002-1337 Exec Code Overflow 2003-03-07 2018-10-30
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in Sendmail 5.79 to 8.12.7 allows remote attackers to execute arbitrary code via certain formatted address fields, related to sender and recipient header comments as processed by the crackaddr function of headers.c.
45 CVE-2002-1317 DoS Exec Code Overflow 2002-12-11 2018-10-30
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in Dispatch() routine for XFS font server (fs.auto) on Solaris 2.5.1 through 9 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a certain XFS query.
46 CVE-2002-1296 Exec Code Dir. Trav. 2002-12-23 2018-10-30
7.2
Admin Local Low Not required Complete Complete Complete
Directory traversal vulnerability in priocntl system call in Solaris does allows local users to execute arbitrary code via ".." sequences in the pc_clname field of a pcinfo_t structure, which cause priocntl to load a malicious kernel module.
47 CVE-2002-0797 Overflow +Priv 2002-08-12 2018-10-30
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in the MIB parsing component of mibiisa for Solaris 5.6 through 8 allows remote attackers to gain root privileges.
48 CVE-2002-0796 +Priv 2002-08-12 2018-10-30
10.0
Admin Remote Low Not required Complete Complete Complete
Format string vulnerability in the logging component of snmpdx for Solaris 5.6 through 8 allows remote attackers to gain root privileges.
49 CVE-2002-0679 Exec Code Overflow 2002-09-05 2018-10-30
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in Common Desktop Environment (CDE) ToolTalk RPC database server (rpc.ttdbserverd) allows remote attackers to execute arbitrary code via an argument to the _TT_CREATE_FILE procedure.
50 CVE-2002-0678 2002-07-23 2018-10-30
7.2
Admin Local Low Not required Complete Complete Complete
CDE ToolTalk database server (ttdbserver) allows local users to overwrite arbitrary files via a symlink attack on the transaction log file used by the _TT_TRANSACTION RPC procedure.
Total number of vulnerabilities : 131   Page : 1 (This Page)2 3
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.