| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Solaris 2.4 before kernel jumbo patch -35 allows set-gid programs to dump core even if the real user id is not in the set-gid group, which allows local users to overwrite or create files at higher privileges by causing a core dump, e.g. through dmesg. |
| Buffer overflow in statd allows root privileges. |
| DNS cache poisoning via BIND, by predictable query IDs. |
| Buffer overflow in Xt library of X Windowing System allows local users to execute commands with root privileges. |
| Buffer overflows in Sun libnsl allow root access. |
| Vacation program allows command execution by remote users through a sendmail command. |
| In SunOS or Solaris, a remote user could connect from an FTP server's data port to an rlogin server on a host that trusts the FTP server, allowing remote command execution. |
| The passwd command in Solaris can be subjected to a denial of service. |
| Solaris rpcbind listens on a high numbered UDP port, which may not be filtered since the standard port number is 111. |
| Solaris rpcbind can be exploited to overwrite arbitrary files and gain root access. |
| Guessable magic cookies in X Windows allows remote attackers to execute commands, e.g. through xterm. |
| rpc.mountd on Linux, Ultrix, and possibly other operating systems, allows remote attackers to determine the existence of a file on the server by attempting to mount that file, which generates different error messages depending on whether the file exists or not. |
| The BSD profil system call allows a local user to modify the internal data space of a program via profiling and execve. |
| Buffer overflow in CDE Calendar Manager Service Daemon (rpc.cmsd). |
| The dynamic linker in Solaris allows a local user to create arbitrary files via the LD_PROFILE environmental variable and a symlink attack. |
| Buffer overflow in Solaris kcms_configure via a long NETPATH environmental variable. |
| Denial of service in BIND by improperly closing TCP sessions via so_linger. |
| Solaris arp allows local users to read files via the -f parameter, which lists lines in the file that do not parse properly. |
| Buffer overflow in Low BandWidth X proxy (lbxproxy) in Solaris 8 allows local users to execute arbitrary code via a long display command line option. |
| Solaris 2.6 HW3/98 installs admintool with world-writable permissions, which allows local users to gain privileges by replacing it with a Trojan horse program. |
