Sun Cluster vulnerabilities

CVE-2003-1588 [LOW] CWE-255 CVE-2003-1588: Sun Cluster 2.2, when HA-Oracle or HA-Sybase DBMS services are used, stores database credentials in Sun Cluster 2.2, when HA-Oracle or HA-Sybase DBMS services are used, stores database credentials in cleartext in a cluster configuration file, which allows local users to obtain sensitive information by reading this file.

CVE-2009-3433 [HIGH] CVE-2009-3433: Unspecified vulnerability in clsetup in the configuration utility in Sun Solaris Cluster 3.2 allows Unspecified vulnerability in clsetup in the configuration utility in Sun Solaris Cluster 3.2 allows local users to gain privileges via unknown vectors.

CVE-2008-2539 [HIGH] CWE-264 CVE-2008-2539: The Sun Cluster Global File System in Sun Cluster 3.1 on Sun Solaris 8 through 10, when an underlyin The Sun Cluster Global File System in Sun Cluster 3.1 on Sun Solaris 8 through 10, when an underlying ufs filesystem is used, might allow local users to read data from arbitrary deleted files, or corrupt files in global filesystems, via unspecified vectors.

CVE-2007-2267 [MEDIUM] CVE-2007-2267: Unspecified vulnerability in Sun Cluster 3.1 and Solaris Cluster 3.2 before 20070424 allows remote a Unspecified vulnerability in Sun Cluster 3.1 and Solaris Cluster 3.2 before 20070424 allows remote authenticated users, operating from a different cluster node, to cause a denial of service (data corruption or send_mondo panic) via unspecified vectors, as demonstrated by EMC Symcli backup software 6.2.1.

CVE-2006-1601 [LOW] CVE-2006-1601: Unspecified vulnerability in SunPlex Manager in Sun Cluster 3.1 4/04 allows local users with solaris Unspecified vulnerability in SunPlex Manager in Sun Cluster 3.1 4/04 allows local users with solaris.cluster.gui authorization to view arbitrary files via unspecified vectors.

CVE-2003-1563 [MEDIUM] CVE-2003-1563: Sun Cluster 2.2 through 3.2 for Oracle Parallel Server / Real Application Clusters (OPS/RAC) allows Sun Cluster 2.2 through 3.2 for Oracle Parallel Server / Real Application Clusters (OPS/RAC) allows local users to cause a denial of service (cluster node panic or abort) by launching a daemon listening on a TCP port that would otherwise be used by the Distributed Lock Manager (DLM), possibly involving this daemon responding in a manner that spoofs a cluster r

CVE-2001-0077 [MEDIUM] CVE-2001-0077: The clustmon service in Sun Cluster 2.x does not require authentication, which allows remote attacke The clustmon service in Sun Cluster 2.x does not require authentication, which allows remote attackers to obtain sensitive information such as system logs and cluster configurations.

CVE-2001-0078 [LOW] CVE-2001-0078: in.mond in Sun Cluster 2.x allows local users to read arbitrary files via a symlink attack on the st in.mond in Sun Cluster 2.x allows local users to read arbitrary files via a symlink attack on the status file of a host running HA-NFS.