Sun Solaris vulnerabilities
429 known vulnerabilities affecting sun/solaris.
Total CVEs
429
CISA KEV
0
Public exploits
102
Exploited in wild
0
Severity breakdown
CRITICAL49HIGH153MEDIUM172LOW55
Vulnerabilities
Page 14 of 22
CVE-2003-1081CRITICALCVSS 10.0v8.02003-09-09
CVE-2003-1081 [CRITICAL] CWE-264 CVE-2003-1081: Aspppls for Solaris 8 allows local users to overwrite arbitrary files via a symlink attack on the .a
Aspppls for Solaris 8 allows local users to overwrite arbitrary files via a symlink attack on the .asppp.fifo temporary file.
nvd
CVE-2003-0466CRITICALCVSS 9.8PoCv9.02003-08-27
CVE-2003-0466 [CRITICAL] CWE-193 CVE-2003-0466: Off-by-one error in the fb_realpath() function, as derived from the realpath function in BSD, may al
Off-by-one error in the fb_realpath() function, as derived from the realpath function in BSD, may allow attackers to execute arbitrary code, as demonstrated in wu-ftpd 2.5.0 through 2.6.2 via commands that cause pathnames of length MAXPATHLEN+1 to trigger a buffer overflow, including (1) STOR, (2) RETR, (3) APPE, (4) DELE, (5) MKD, (6) RMD, (7) STOU
nvd
CVE-2003-0609HIGHCVSS 7.2PoCv2.6v7.0+2 more2003-08-27
CVE-2003-0609 [HIGH] CVE-2003-0609: Stack-based buffer overflow in the runtime linker, ld.so.1, on Solaris 2.6 through 9 allows local us
Stack-based buffer overflow in the runtime linker, ld.so.1, on Solaris 2.6 through 9 allows local users to gain root privileges via a long LD_PRELOAD environment variable.
nvd
CVE-2003-0669LOWCVSS 1.2v2.6v7.0+2 more2003-08-27
CVE-2003-0669 [LOW] CVE-2003-0669: Unknown vulnerability in Solaris 2.6 through 9 causes a denial of service (system panic) via "a rare
Unknown vulnerability in Solaris 2.6 through 9 causes a denial of service (system panic) via "a rare race condition" or an attack by local users.
nvd
CVE-2003-1063HIGHCVSS 7.5v2.6v7.02003-08-20
CVE-2003-1063 [HIGH] CVE-2003-1063: The patches (1) 105693-13, (2) 108800-02, (3) 105694-13, and (4) 108801-02 for cachefs on Solaris 2.
The patches (1) 105693-13, (2) 108800-02, (3) 105694-13, and (4) 108801-02 for cachefs on Solaris 2.6 and 7 overwrite the inetd.conf file, which may silently reenable services and allow remote attackers to bypass the intended security policy.
nvd
CVE-2003-1055HIGHCVSS 7.2PoCv8.0v9.02003-07-03
CVE-2003-1055 [HIGH] CVE-2003-1055: Buffer overflow in the nss_ldap.so.1 library for Sun Solaris 8 and 9 may allow local users to gain r
Buffer overflow in the nss_ldap.so.1 library for Sun Solaris 8 and 9 may allow local users to gain root access via a long hostname in an LDAP lookup.
nvd
CVE-2003-1067HIGHCVSS 7.2v2.6v7.0+2 more2003-06-19
CVE-2003-1067 [HIGH] CVE-2003-1067: Multiple buffer overflows in the (1) dbm_open function, as used in ndbm and dbm, and the (2) dbminit
Multiple buffer overflows in the (1) dbm_open function, as used in ndbm and dbm, and the (2) dbminit function in Solaris 2.6 through 9 allow local users to gain root privileges via long arguments to Xsun or other programs that use these functions.
nvd
CVE-2003-1068HIGHCVSS 7.2v2.6v7.0+2 more2003-06-06
CVE-2003-1068 [HIGH] CVE-2003-1068: Buffer overflow in utmp_update for Solaris 2.6 through 9 allows local users to gain root privileges,
Buffer overflow in utmp_update for Solaris 2.6 through 9 allows local users to gain root privileges, as identified by Sun BugID 4659277, a different vulnerability than CVE-2003-1082.
nvd
CVE-2003-1069MEDIUMCVSS 5.0v2.6v7.0+2 more2003-06-03
CVE-2003-1069 [MEDIUM] CVE-2003-1069: The Telnet daemon (in.telnetd) for Solaris 2.6 through 9 allows remote attackers to cause a denial o
The Telnet daemon (in.telnetd) for Solaris 2.6 through 9 allows remote attackers to cause a denial of service (CPU consumption by infinite loop).
nvd
CVE-2003-0196CRITICALCVSS 10.0v2.5.1v2.6+3 more2003-05-05
CVE-2003-0196 [CRITICAL] CVE-2003-0196: Multiple buffer overflows in Samba before 2.2.8a may allow remote attackers to execute arbitrary cod
Multiple buffer overflows in Samba before 2.2.8a may allow remote attackers to execute arbitrary code or cause a denial of service, as discovered by the Samba team and a different vulnerability than CVE-2003-0201.
nvd
CVE-2003-0201CRITICALCVSS 10.0PoCv2.5.1v2.6+3 more2003-05-05
CVE-2003-0201 [CRITICAL] CVE-2003-0201: Buffer overflow in the call_trans2open function in trans2.c for Samba 2.2.x before 2.2.8a, 2.0.10 an
Buffer overflow in the call_trans2open function in trans2.c for Samba 2.2.x before 2.2.8a, 2.0.10 and earlier 2.0.x versions, and Samba-TNG before 0.3.2, allows remote attackers to execute arbitrary code.
nvd
CVE-2003-1070MEDIUMCVSS 5.0v2.6v7.0+2 more2003-04-28
CVE-2003-1070 [MEDIUM] CVE-2003-1070: Unknown vulnerability in rpcbind for Solaris 2.6 through 9 allows remote attackers to cause a denial
Unknown vulnerability in rpcbind for Solaris 2.6 through 9 allows remote attackers to cause a denial of service (rpcbind crash).
nvd
CVE-2003-1072LOWCVSS 2.1v8.02003-04-28
CVE-2003-1072 [LOW] CVE-2003-1072: Memory leak in lofiadm in Solaris 8 allows local users to cause a denial of service (kernel memory c
Memory leak in lofiadm in Solaris 8 allows local users to cause a denial of service (kernel memory consumption).
nvd
CVE-2003-0161CRITICALCVSS 10.0PoCv2.4v2.5+5 more2003-04-02
CVE-2003-0161 [CRITICAL] CVE-2003-0161: The prescan() function in the address parser (parseaddr.c) in Sendmail before 8.12.9 does not proper
The prescan() function in the address parser (parseaddr.c) in Sendmail before 8.12.9 does not properly handle certain conversions from char and int types, which can cause a length check to be disabled when Sendmail misinterprets an input value as a special "NOCHAR" control value, allowing attackers to cause a denial of service and possibly execute arbitrary
nvd
CVE-2003-0091HIGHCVSS 7.2v2.62003-04-02
CVE-2003-0091 [HIGH] CVE-2003-0091: Stack-based buffer overflow in the bsd_queue() function for lpq on Solaris 2.6 and 7 allows local us
Stack-based buffer overflow in the bsd_queue() function for lpq on Solaris 2.6 and 7 allows local users to gain root privilege.
nvd
CVE-2003-0092HIGHCVSS 7.2v2.6v9.02003-04-02
CVE-2003-0092 [HIGH] CVE-2003-0092: Heap-based buffer overflow in dtsession for Solaris 2.5.1 through Solaris 9 allows local users to ga
Heap-based buffer overflow in dtsession for Solaris 2.5.1 through Solaris 9 allows local users to gain root privileges via a long HOME environment variable.
nvd
CVE-2003-1074HIGHCVSS 7.2v9.02003-03-28
CVE-2003-1074 [HIGH] CVE-2003-1074: Unknown vulnerability in newtask for Solaris 9 allows local users to gain root privileges.
Unknown vulnerability in newtask for Solaris 9 allows local users to gain root privileges.
nvd
CVE-2003-0028HIGHCVSS 7.5v2.5.1v2.6+3 more2003-03-25
CVE-2003-0028 [HIGH] CVE-2003-0028: Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external d
Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived from SunRPC, including libnsl, libc, glibc, and dietlibc, allows remote attackers to execute arbitrary code via certain integer values in length fields, a different vulnerability than CVE-2002-0391.
nvd
CVE-2003-1077LOWCVSS 2.1v9.02003-03-05
CVE-2003-1077 [LOW] CVE-2003-1077: Unknown vulnerability in UFS for Solaris 9 for SPARC, with logging enabled, allows local users to ca
Unknown vulnerability in UFS for Solaris 9 for SPARC, with logging enabled, allows local users to cause a denial of service (UFS file system hang).
nvd
CVE-2003-0064HIGHCVSS 7.5v2.5.1v2.6+3 more2003-03-03
CVE-2003-0064 [HIGH] CVE-2003-0064: The dtterm terminal emulator allows attackers to modify the window title via a certain character esc
The dtterm terminal emulator allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands.
nvd