Oracle Solaris vulnerabilities

CVE-2009-2282 [MEDIUM] CWE-862 CVE-2009-2282: The Virtual Network Terminal Server daemon (vntsd) for Logical Domains (aka LDoms) in Sun Solaris 10 The Virtual Network Terminal Server daemon (vntsd) for Logical Domains (aka LDoms) in Sun Solaris 10, and OpenSolaris snv_41 through snv_108, on SPARC platforms does not check authorization for guest console access, which allows local control-domain users to gain guest-domain privileges via unknown vectors.

CVE-2008-2992 [HIGH] CVE-2008-2992: Stack-based buffer overflow in Adobe Acrobat and Reader 8.1.2 and earlier allows remote attackers to Stack-based buffer overflow in Adobe Acrobat and Reader 8.1.2 and earlier allows remote attackers to execute arbitrary code via a PDF file that calls the util.printf JavaScript function with a crafted format string argument, a related issue to CVE-2008-1104.

CVE-2008-4609 [HIGH] CWE-16 CVE-2008-4609: The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cis The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress.

CVE-2007-0882 [CRITICAL] CWE-88 CVE-2007-0882: Argument injection vulnerability in the telnet daemon (in.telnetd) in Solaris 10 and 11 (SunOS 5.10 Argument injection vulnerability in the telnet daemon (in.telnetd) in Solaris 10 and 11 (SunOS 5.10 and 5.11) misinterprets certain client "-f" sequences as valid requests for the login program to skip authentication, which allows remote attackers to log into certain accounts, as demonstrated by the bin account.

CVE-2004-1349 [LOW] CWE-269 CVE-2004-1349: gzip before 1.3 in Solaris 8, when called with the -f or -force flags, will change the permissions o gzip before 1.3 in Solaris 8, when called with the -f or -force flags, will change the permissions of files that are hard linked to the target files, which allows local users to view or modify these files.

CVE-2004-0230 [MEDIUM] CVE-2004-0230: TCP, when using a large Window Size, makes it easier for remote attackers to guess sequence numbers TCP, when using a large Window Size, makes it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that use long-lived connections, such as BGP.

CVE-2002-1337 [CRITICAL] CWE-120 CVE-2002-1337: Buffer overflow in Sendmail 5.79 to 8.12.7 allows remote attackers to execute arbitrary code via cer Buffer overflow in Sendmail 5.79 to 8.12.7 allows remote attackers to execute arbitrary code via certain formatted address fields, related to sender and recipient header comments as processed by the crackaddr function of headers.c.

CVE-2001-0249 [CRITICAL] CWE-131 CVE-2001-0249: Heap overflow in FTP daemon in Solaris 8 allows remote attackers to execute arbitrary commands by cr Heap overflow in FTP daemon in Solaris 8 allows remote attackers to execute arbitrary commands by creating a long pathname and calling the LIST command, which uses glob to generate long strings.

CVE-1999-0046 [CRITICAL] CWE-120 CVE-1999-0046: Buffer overflow of rlogin program using TERM environmental variable. Buffer overflow of rlogin program using TERM environmental variable.