Sun Solaris vulnerabilities

CVE-2003-1078 [HIGH] CVE-2003-1078: The FTP client for Solaris 2.6, 7, and 8 with the debug (-d) flag enabled displays the user password The FTP client for Solaris 2.6, 7, and 8 with the debug (-d) flag enabled displays the user password on the screen during login.

CVE-2003-0058 [MEDIUM] CVE-2003-0058: MIT Kerberos V5 Key Distribution Center (KDC) before 1.2.5 allows remote authenticated attackers to MIT Kerberos V5 Key Distribution Center (KDC) before 1.2.5 allows remote authenticated attackers to cause a denial of service (crash) on KDCs within the same realm via a certain protocol request that causes a null dereference.

CVE-2003-1079 [MEDIUM] CVE-2003-1079: Unknown vulnerability in UDP RPC for Solaris 2.5.1 through 9 for SPARC, and 2.5.1 through 8 for x86, Unknown vulnerability in UDP RPC for Solaris 2.5.1 through 9 for SPARC, and 2.5.1 through 8 for x86, allows remote attackers to cause a denial of service (memory consumption) via certain arguments in RPC calls that cause large amounts of memory to be allocated.

CVE-2003-0027 [MEDIUM] CVE-2003-0027: Directory traversal vulnerability in Sun Kodak Color Management System (KCMS) library service daemon Directory traversal vulnerability in Sun Kodak Color Management System (KCMS) library service daemon (kcms_server) allows remote attackers to read arbitrary files via the KCS_OPEN_PROFILE procedure.

CVE-2003-1075 [MEDIUM] CVE-2003-1075: Unknown vulnerability in the FTP server (in.ftpd) for Solaris 2.6 through 9 allows remote attackers Unknown vulnerability in the FTP server (in.ftpd) for Solaris 2.6 through 9 allows remote attackers to cause a denial of service (temporary FTP server hang), which affects other active mode FTP clients.

CVE-2003-1071 [LOW] CVE-2003-1071: rpc.walld (wall daemon) for Solaris 2.6 through 9 allows local users to send messages to logged on u rpc.walld (wall daemon) for Solaris 2.6 through 9 allows local users to send messages to logged on users that appear to come from arbitrary user IDs by closing stderr before executing wall, then supplying a spoofed from header.

CVE-2002-1871 [HIGH] CVE-2002-1871: pkgadd in Sun Solaris 2.5.1 through 8 installs files setuid/setgid root if the pkgmap file contains pkgadd in Sun Solaris 2.5.1 through 8 installs files setuid/setgid root if the pkgmap file contains a "?" (question mark) in the (1) mode, (2) owner, or (3) group fields, which allows attackers to elevate privileges.

CVE-2002-1980 [HIGH] CVE-2002-1980: Buffer overflow in Volume Manager daemon (vold) of Sun Solaris 2.5.1 through 8 allows local users to Buffer overflow in Volume Manager daemon (vold) of Sun Solaris 2.5.1 through 8 allows local users to execute arbitrary code via unknown attack vectors.

CVE-2002-2197 [HIGH] CVE-2002-2197: Unknown vulnerability in Sun Solaris 8.0 allows local users to cause a denial of service (kernel pan Unknown vulnerability in Sun Solaris 8.0 allows local users to cause a denial of service (kernel panic) via a program that uses /dev/poll, triggering a NULL pointer dereference.

CVE-2002-2203 [MEDIUM] CVE-2002-2203: Unknown vulnerability in the System Serial Console terminal in Solaris 2.5.1, 2.6, and 7 allows loca Unknown vulnerability in the System Serial Console terminal in Solaris 2.5.1, 2.6, and 7 allows local users to monitor keystrokes and possibly steal sensitive information.

CVE-2002-2089 [MEDIUM] CVE-2002-2089: Buffer overflow in rcp in Solaris 9.0 allows local users to execute arbitrary code via a long comman Buffer overflow in rcp in Solaris 9.0 allows local users to execute arbitrary code via a long command line argument.

CVE-2002-1584 [CRITICAL] CVE-2002-1584: Unknown vulnerability in the AUTH_DES authentication for RPC in Solaris 2.5.1, 2.6, and 7, SGI IRIX Unknown vulnerability in the AUTH_DES authentication for RPC in Solaris 2.5.1, 2.6, and 7, SGI IRIX 6.5 to 6.5.19f, and possibly other platforms, allows remote attackers to gain privileges.

CVE-2002-1296 [HIGH] CVE-2002-1296: Directory traversal vulnerability in priocntl system call in Solaris does allows local users to exec Directory traversal vulnerability in priocntl system call in Solaris does allows local users to execute arbitrary code via ".." sequences in the pc_clname field of a pcinfo_t structure, which cause priocntl to load a malicious kernel module.

CVE-2002-1345 [MEDIUM] CVE-2002-1345: Directory traversal vulnerabilities in multiple FTP clients on UNIX systems allow remote malicious F Directory traversal vulnerabilities in multiple FTP clients on UNIX systems allow remote malicious FTP servers to create or overwrite files as the client user via filenames containing /absolute/path or .. (dot dot) sequences.

CVE-2002-1317 [HIGH] CVE-2002-1317: Buffer overflow in Dispatch() routine for XFS font server (fs.auto) on Solaris 2.5.1 through 9 allow Buffer overflow in Dispatch() routine for XFS font server (fs.auto) on Solaris 2.5.1 through 9 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a certain XFS query.

CVE-2002-1323 [MEDIUM] CVE-2002-1323: Safe.pm 2.0.7 and earlier, when used in Perl 5.8.0 and earlier, may allow attackers to break out of Safe.pm 2.0.7 and earlier, when used in Perl 5.8.0 and earlier, may allow attackers to break out of safe compartments in (1) Safe::reval or (2) Safe::rdo using a redefined @_ variable, which is not reset between successive calls.

CVE-2002-1587 [LOW] CVE-2002-1587: The libthread library (libthread.so.1) for Solaris 2.5.1 through 8 allows local users to cause a den The libthread library (libthread.so.1) for Solaris 2.5.1 through 8 allows local users to cause a denial of service (hang) of an application that uses libthread by causing the application to wait for a certain mutex.

CVE-2002-1586 [LOW] CVE-2002-1586: Solaris 2.5.1 through 9 allows local users to cause a denial of service (kernel panic) by setting th Solaris 2.5.1 through 9 allows local users to cause a denial of service (kernel panic) by setting the sd_struiowrq variable in the struioget function to null, which triggers a null dereference.

CVE-2002-1585 [MEDIUM] CVE-2002-1585: Unknown vulnerability in Solaris 8 for Intel and Solaris 8 and 9 for SPARC allows remote attackers t Unknown vulnerability in Solaris 8 for Intel and Solaris 8 and 9 for SPARC allows remote attackers to cause a denial of service via certain packets that cause some network interfaces to stop responding to TCP traffic.

CVE-2002-1590 [HIGH] CWE-264 CVE-2002-1590: The Web-Based Enterprise Management (WBEM) packages (1) SUNWwbdoc, (2) SUNWwbcou, (3) SUNWwbdev and The Web-Based Enterprise Management (WBEM) packages (1) SUNWwbdoc, (2) SUNWwbcou, (3) SUNWwbdev and (4) SUNWmgapp packages, when installed using Solaris 8 Update 1/01 or later, install files with world or group write permissions, which allows local users to gain root privileges or cause a denial of service.