Sun Solaris vulnerabilities

CVE-2001-0190 [HIGH] CVE-2001-0190: Buffer overflow in /usr/bin/cu in Solaris 2.8 and earlier, and possibly other operating systems, all Buffer overflow in /usr/bin/cu in Solaris 2.8 and earlier, and possibly other operating systems, allows local users to gain privileges by executing cu with a long program name (arg0).

CVE-2001-0124 [HIGH] CVE-2001-0124: Buffer overflow in exrecover in Solaris 2.6 and earlier possibly allows local users to gain privileg Buffer overflow in exrecover in Solaris 2.6 and earlier possibly allows local users to gain privileges via a long command line argument.

CVE-2001-0115 [HIGH] CVE-2001-0115: Buffer overflow in arp command in Solaris 7 and earlier allows local users to execute arbitrary comm Buffer overflow in arp command in Solaris 7 and earlier allows local users to execute arbitrary commands via a long -f parameter.

CVE-2000-0844 [CRITICAL] CWE-264 CVE-2000-0844: Some functions that implement the locale subsystem on Unix do not properly cleanse user-injected fo Some functions that implement the locale subsystem on Unix do not properly cleanse user-injected format strings, which allows local attackers to execute arbitrary commands via functions such as gettext and catopen.

CVE-2000-0471 [HIGH] CVE-2000-0471: Buffer overflow in ufsrestore in Solaris 8 and earlier allows local users to gain root privileges vi Buffer overflow in ufsrestore in Solaris 8 and earlier allows local users to gain root privileges via a long pathname.

CVE-2000-0407 [HIGH] CVE-2000-0407: Buffer overflow in Solaris netpr program allows local users to execute arbitrary commands via a long Buffer overflow in Solaris netpr program allows local users to execute arbitrary commands via a long -p option.

CVE-2000-0317 [HIGH] CVE-2000-0317: Buffer overflow in Solaris 7 lpset allows local users to gain root privileges via a long -r option. Buffer overflow in Solaris 7 lpset allows local users to gain root privileges via a long -r option.

CVE-2000-0316 [HIGH] CVE-2000-0316: Buffer overflow in Solaris 7 lp allows local users to gain root privileges via a long -d option. Buffer overflow in Solaris 7 lp allows local users to gain root privileges via a long -d option.

CVE-2000-0337 [HIGH] CVE-2000-0337: Buffer overflow in Xsun X server in Solaris 7 allows local users to gain root privileges via a long Buffer overflow in Xsun X server in Solaris 7 allows local users to gain root privileges via a long -dev parameter.

CVE-2000-0055 [HIGH] CVE-2000-0055: Buffer overflow in Solaris chkperm command allows local users to gain root access via a long -n opti Buffer overflow in Solaris chkperm command allows local users to gain root access via a long -n option.

CVE-1999-1588 [CRITICAL] CWE-119 CVE-1999-1588: Buffer overflow in nlps_server in Sun Solaris x86 2.4, 2.5, and 2.5.1 allows remote attackers to exe Buffer overflow in nlps_server in Sun Solaris x86 2.4, 2.5, and 2.5.1 allows remote attackers to execute arbitrary code as root via a long string beginning with "NLPS:002:002:" to the listen (aka System V listener) port, TCP port 2766.

CVE-1999-1587 [LOW] CVE-1999-1587: /usr/ucb/ps in Sun Microsystems Solaris 8 and 9, and certain earlier releases, allows local users to /usr/ucb/ps in Sun Microsystems Solaris 8 and 9, and certain earlier releases, allows local users to view the environment variables and values of arbitrary processes via the -e option.

CVE-2000-0032 [CRITICAL] CVE-2000-0032: Solaris dmi_cmd allows local users to crash the dmispd daemon by adding a malformed file to the /var Solaris dmi_cmd allows local users to crash the dmispd daemon by adding a malformed file to the /var/dmi/db database.

CVE-2000-0030 [MEDIUM] CVE-2000-0030: Solaris dmispd dmi_cmd allows local users to fill up restricted disk space by adding files to the /v Solaris dmispd dmi_cmd allows local users to fill up restricted disk space by adding files to the /var/dmi/db database.

CVE-1999-0977 [CRITICAL] CVE-1999-0977: Buffer overflow in Solaris sadmind allows remote attackers to gain root privileges using a NETMGT_PR Buffer overflow in Solaris sadmind allows remote attackers to gain root privileges using a NETMGT_PROC_SERVICE request.

CVE-1999-0974 [CRITICAL] CVE-1999-0974: Buffer overflow in Solaris snoop allows remote attackers to gain root privileges via GETQUOTA reques Buffer overflow in Solaris snoop allows remote attackers to gain root privileges via GETQUOTA requests to the rpc.rquotad service.

CVE-1999-0973 [CRITICAL] CVE-1999-0973: Buffer overflow in Solaris snoop program allows remote attackers to gain root privileges via a long Buffer overflow in Solaris snoop program allows remote attackers to gain root privileges via a long domain name when snoop is running in verbose mode.

CVE-1999-0982 [HIGH] CVE-1999-0982: The Sun Web-Based Enterprise Management (WBEM) installation script stores a password in plaintext in The Sun Web-Based Enterprise Management (WBEM) installation script stores a password in plaintext in a world readable file.

CVE-1999-0860 [LOW] CVE-1999-0860: Solaris chkperm allows local users to read files owned by bin via the VMSYS environmental variable a Solaris chkperm allows local users to read files owned by bin via the VMSYS environmental variable and a symlink attack.

CVE-1999-0859 [LOW] CVE-1999-0859: Solaris arp allows local users to read files via the -f parameter, which lists lines in the file tha Solaris arp allows local users to read files via the -f parameter, which lists lines in the file that do not parse properly.