Sun Solaris vulnerabilities
429 known vulnerabilities affecting sun/solaris.
Total CVEs: 429
CISA KEV: 0
Public exploits: 102
Exploited in wild: 0
Severity breakdown: CRITICAL 49, HIGH 153, MEDIUM 172, LOW 55
Vulnerabilities
Page 19 of 22
CVE-1999-0818 | HIGH | CVSS 7.2 | PoC | v7.0 | 1999-11-20
Buffer overflow in Solaris kcms_configure via a long NETPATH environmental variable.
nvd
CVE-1999-0837 | CRITICAL | CVSS 10.0 | v7.0 | 1999-11-10
Denial of service in BIND by improperly closing TCP sessions via so_linger.
nvd
CVE-1999-0848 | MEDIUM | CVSS 5.0 | PoC | v7.0 | 1999-11-10
Denial of service in BIND named via consuming more than "fdmax" file descriptors.
nvd
CVE-1999-0948 | HIGH | CVSS 7.2 | PoC | v2.6, v7.0 | 1999-11-02
Buffer overflow in uum program for Canna input system allows local users to gain root privileges.
nvd
CVE-1999-0949 | HIGH | CVSS 7.2 | PoC | v2.6, v7.0 | 1999-11-02
Buffer overflow in canuum program for Canna input system allows local users to gain root privileges.
nvd
CVE-1999-0908 | MEDIUM | CVSS 5.0 | PoC | v2.5.1, v2.6, +1 more | 1999-09-23
Denial of service in Solaris TCP streams driver via a malicious connection that causes the server to panic as a result of recursive calls to mutex_enter.
nvd
CVE-1999-0786 | MEDIUM | CVSS 4.6 | PoC | v2.4, v2.5, +2 more | 1999-09-22
The dynamic linker in Solaris allows a local user to create arbitrary files via the LD_PROFILE environmental variable and a symlink attack.
nvd
CVE-1999-0687 | HIGH | CVSS 7.5 | v2.4, v2.5, +3 more | 1999-09-13
The ToolTalk ttsession daemon uses weak RPC authentication, which allows a remote attacker to execute commands.
nvd
CVE-1999-0691 | HIGH | CVSS 7.2 | PoC | v2.4, v2.5.1, +2 more | 1999-09-13
Buffer overflow in the AddSuLog function of the CDE dtaction utility allows local users to gain root privileges via a long user name.
nvd
CVE-1999-0689 | HIGH | CVSS 7.2 | PoC | v2.5, v2.5.1, +2 more | 1999-09-13
The CDE dtspcd daemon allows local users to execute arbitrary commands via a symlink attack.
nvd
CVE-1999-1014 | MEDIUM | CVSS 4.6 | PoC | v7.0 | 1999-09-13
Buffer overflow in mail command in Solaris 2.7 and 2.7 allows local users to gain privileges via a long -m argument.
nvd
CVE-1999-0767 | HIGH | CVSS 7.2 | PoC | v2.6, v7.0 | 1999-09-08
Buffer overflow in Solaris libc, ufsrestore, and rcp via LC_MESSAGES environmental variable.
nvd
CVE-1999-0875 | HIGH | CVSS 7.5 | PoC | CWE-16 | v2.6 | 1999-08-11
DHCP clients with ICMP Router Discovery Protocol (IRDP) enabled allow remote attackers to modify their default routes.
nvd
CVE-1999-0674 | HIGH | CVSS 7.2 | PoC | v2.4, v2.5, +2 more | 1999-08-09
The BSD profil system call allows a local user to modify the internal data space of a program via profiling and execve.
nvd
CVE-1999-0676 | MEDIUM | CVSS 4.6 | v2.5, v2.5.1, +1 more | 1999-08-09
sdtcm_convert in Solaris 2.6 allows a local user to overwrite sensitive files via a symlink attack.
nvd
CVE-1999-0696 | CRITICAL | CVSS 10.0 | PoC | v2.5, v2.6 | 1999-07-01
Buffer overflow in CDE Calendar Manager Service Daemon (rpc.cmsd).
nvd
CVE-2000-0118 | HIGH | CVSS 7.2 | PoC | v1.1.3, v1.1.4, +1 more | 1999-06-09
The Red Hat Linux su program does not log failed password guesses if the su process is killed before it times out, which allows local attackers to conduct brute force password guessing.
nvd
CVE-1999-0493 | HIGH | CVSS 7.5 | PoC | v2.4, v2.5, +2 more | 1999-06-07
rpc.statd allows remote attackers to forward RPC calls to the local operating system via the SM_MON and SM_NOTIFY commands, which in turn could be used to remotely exploit other bugs such as in automountd.
nvd
CVE-1999-0773 | HIGH | CVSS 7.2 | PoC | v2.6, v7.0 | 1999-05-11
Buffer overflow in Solaris lpset program allows local users to gain root access.
nvd
CVE-1999-0370 | MEDIUM | CVSS 4.6 | v2.4, v2.5.1, +2 more | 1999-02-10
In Sun Solaris and SunOS, man and catman contain vulnerabilities that allow overwriting arbitrary files.
nvd