Sun Solaris vulnerabilities

CVE-2006-3728 [MEDIUM] CVE-2006-3728: Unspecified vulnerability in the kernel in Solaris 10 with patch 118822-29 (118844-29 on x86) and wi Unspecified vulnerability in the kernel in Solaris 10 with patch 118822-29 (118844-29 on x86) and without patch 118833-11 (118855-08) allows remote authenticated users to cause a denial of service via unspecified vectors that lead to "kernel data structure corruption" that can trigger a system panic, application failure, or "data corruption."

CVE-2006-3664 [MEDIUM] CVE-2006-3664: Unspecified vulnerability in NIS server on Sun Solaris 8, 9, and 10 allows local and remote attacker Unspecified vulnerability in NIS server on Sun Solaris 8, 9, and 10 allows local and remote attackers to cause a denial of service (ypserv hang) via unknown vectors.

CVE-2006-3606 [MEDIUM] CVE-2006-3606: Unspecified vulnerability in Sun Solaris X Inter Client Exchange library (libICE) on Solaris 8 and 9 Unspecified vulnerability in Sun Solaris X Inter Client Exchange library (libICE) on Solaris 8 and 9 allows context-dependent attackers to cause a denial of service (application crash) to applications that use the library.

CVE-2006-2064 [MEDIUM] CVE-2006-2064: Unspecified vulnerability in the libpkcs11 library in Sun Solaris 10 might allow local users to gain Unspecified vulnerability in the libpkcs11 library in Sun Solaris 10 might allow local users to gain privileges or cause a denial of service (application failure) via unknown attack vectors that involve the getpwnam family of non-reentrant functions.

CVE-2006-1780 [LOW] CVE-2006-1780: The Bourne shell (sh) in Solaris 8, 9, and 10 allows local users to cause a denial of service (sh cr The Bourne shell (sh) in Solaris 8, 9, and 10 allows local users to cause a denial of service (sh crash) via an unspecified attack vector that causes sh processes to crash during creation of temporary files.

CVE-2006-1782 [LOW] CVE-2006-1782: Unspecified vulnerability in Solaris 8 and 9 allows local users to obtain the LDAP Directory Server Unspecified vulnerability in Solaris 8 and 9 allows local users to obtain the LDAP Directory Server root Distinguished Name (rootDN) password when a privileged user (1) runs idsconfig; or "insecurely" runs LDAP2 commands with the -w option, including (2) ldapadd, (3) ldapdelete, (4) ldapmodify, (5) ldapmodrdn, and (6) ldapsearch.

CVE-2006-0745 [HIGH] CVE-2006-0745: X.Org server (xorg-server) 1.0.0 and later, X11R6.9.0, and X11R7.0 inadvertently treats the address X.Org server (xorg-server) 1.0.0 and later, X11R6.9.0, and X11R7.0 inadvertently treats the address of the geteuid function as if it is the return value of a call to geteuid, which allows local users to bypass intended restrictions and (1) execute arbitrary code via the -modulepath command line option or (2) overwrite arbitrary files via -logfile.

CVE-2006-1092 [LOW] CVE-2006-1092: Unspecified vulnerability in the pagedata subsystem of the process file system (/proc) in Solaris 8 Unspecified vulnerability in the pagedata subsystem of the process file system (/proc) in Solaris 8 through 10 allows local users to cause a denial of service (system hang or panic) via unknown attack vectors that cause cause the kmem_oversize arena to allocate a large amount of system memory that does not get freed.

CVE-2006-0901 [HIGH] CVE-2006-0901: Unspecified vulnerability in the hsfs filesystem in Solaris 8, 9, and 10 allows unspecified attacker Unspecified vulnerability in the hsfs filesystem in Solaris 8, 9, and 10 allows unspecified attackers to cause a denial of service (panic) or execute arbitrary code.

CVE-2006-0769 [HIGH] CVE-2006-0769: Unspecified vulnerability in in.rexecd in Solaris 10 allows local users to gain privileges on Kerber Unspecified vulnerability in in.rexecd in Solaris 10 allows local users to gain privileges on Kerberos systems via unknown attack vectors.

CVE-2006-0516 [LOW] CVE-2006-0516: Unspecified vulnerability in the kernel processing in Solaris 10 64 bit platform, when running in 64 Unspecified vulnerability in the kernel processing in Solaris 10 64 bit platform, when running in 64-bit mode, allows local users to cause a denial of service (system panic) via unknown attack vectors.

CVE-2006-0227 [LOW] CVE-2006-0227: Multiple unspecified vulnerabilities in lpsched in Sun Solaris 8, 9, and 10 allow local users to del Multiple unspecified vulnerabilities in lpsched in Sun Solaris 8, 9, and 10 allow local users to delete arbitrary files or disable the LP print service via unknown attack vectors.

CVE-2006-0190 [HIGH] CVE-2006-0190: Unspecified vulnerability in Sun Solaris 9 and 10 for the x86 platform allows local users to gain pr Unspecified vulnerability in Sun Solaris 9 and 10 for the x86 platform allows local users to gain privileges or cause a denial of service (panic) via unspecified vectors, possibly involving functions from the mm driver.

CVE-2006-0191 [MEDIUM] CVE-2006-0191: Unspecified vulnerability in Sun Solaris 10 allows local users to cause a denial of service (null de Unspecified vulnerability in Sun Solaris 10 allows local users to cause a denial of service (null dereference) via unspecified vectors involving the use of the find command on the "/proc" filesystem. NOTE: due to the vagueness of the vendor advisory, it is not clear whether this is related to CVE-2005-3250.

CVE-2006-0161 [MEDIUM] CVE-2006-0161: Unspecified vulnerability in uucp in Sun Solaris 8 and 9 has unknown impact and attack vectors. NOT Unspecified vulnerability in uucp in Sun Solaris 8 and 9 has unknown impact and attack vectors. NOTE: due to the vagueness of the vendor advisory, it is not clear whether this is related to CVE-2004-0780.

CVE-2005-4797 [MEDIUM] CVE-2005-4797: Directory traversal vulnerability in printd line printer daemon (lpd) in Solaris 7 through 10 allows Directory traversal vulnerability in printd line printer daemon (lpd) in Solaris 7 through 10 allows remote attackers to delete arbitrary files via ".." sequences in an "Unlink data file" command.

CVE-2005-4701 [LOW] CVE-2005-4701: Unspecified vulnerability in Process File System (procfs) in Sun Solaris 10 allows local users to ob Unspecified vulnerability in Process File System (procfs) in Sun Solaris 10 allows local users to obtain sensitive information such as process working directories via unknown attack vectors, possibly pwdx.

CVE-2005-4706 [LOW] CVE-2005-4706: Unspecified vulnerability in the "privilege management" feature of Sun Solaris 10 allows local users Unspecified vulnerability in the "privilege management" feature of Sun Solaris 10 allows local users to cause a denial of service (panic) via unknown vectors that trigger a null dereference in the secpolicy_fs_common function.

CVE-2005-4796 [LOW] CVE-2005-4796: Unspecified vulnerability in the XView library (libxview.so) in Solaris 2.5 to 10 allows local users Unspecified vulnerability in the XView library (libxview.so) in Solaris 2.5 to 10 allows local users to corrupt files via unknown vectors related to the handling of the clipboard selection while an XView application exits.

CVE-2005-4133 [LOW] CVE-2005-4133: Sun Update Connection in Sun Solaris 10, when configured to use a web proxy, allows local users to o Sun Update Connection in Sun Solaris 10, when configured to use a web proxy, allows local users to obtain the proxy authentication password via (1) an unspecified vector and (2) proxy log files.