| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Denial of service in BIND by improperly closing TCP sessions via so_linger. |
| Solaris volrmmount program allows attackers to read any file. |
| Solaris Solstice AdminSuite (AdminSuite) 2.1 uses unsafe permissions when adding new users to the NIS+ password table, which allows local users to gain root access by modifying their password table entries. |
| Solaris sysdef command allows local users to read kernel memory, potentially leading to root privileges. |
| ping in Solaris 2.3 through 2.6 allows local users to cause a denial of service (crash) via a ping request to a multicast address through the loopback interface, e.g. via ping -i. |
| Buffer overflow in nss_nisplus.so.1 library in NIS+ in Solaris 2.3 and 2.4 allows local users to gain root privileges. |
| The WorkMan program can be used to overwrite any file to get root access. |
| Denial of service through Solaris 2.5.1 telnet by sending ^D characters. |
| Solaris SUNWadmap can be exploited to obtain root access. |
| A hidden SNMP community string in HP OpenView allows remote attackers to modify MIB tables and obtain sensitive information. |
| Multiple TCP/IP and ICMP implementations allow remote attackers to cause a denial of service (reset TCP connections) via spoofed ICMP error messages, aka the "blind connection-reset attack." NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities. |
| Command execution in Sun systems via buffer overflow in the at program. |
| An SNMP community name is the default (e.g. public), null, or missing. |
| Solaris syslogd crashes when receiving a message from a host that doesn't have an inverse DNS entry. |
| Malicious option settings in UDP packets could force a reboot in SunOS 4.1.3 systems. |
| Solaris 2.4 before kernel jumbo patch -35 allows set-gid programs to dump core even if the real user id is not in the set-gid group, which allows local users to overwrite or create files at higher privileges by causing a core dump, e.g. through dmesg. |
| Vulnerability in integer multiplication emulation code on SPARC architectures for SunOS 4.1 through 4.1.2 allows local users to gain root access or cause a denial of service (crash). |
| Denial of service by sending forged ICMP unreachable packets. |
| passwd in SunOS 4.1.x allows local users to overwrite arbitrary files via a symlink attack and the -F command line argument. |
| libnsl in Solaris allowed an attacker to perform a denial of service of rpcbind. |
