Sun Solaris vulnerabilities
429 known vulnerabilities affecting sun/solaris.
Total CVEs: 429
CISA KEV: 0
Public exploits: 98
Exploited in wild: 0
Severity breakdown: CRITICAL 49, HIGH 153, MEDIUM 172, LOW 55
Vulnerabilities
Page 3 of 22
CVE-2009-1207 | MEDIUM | CVSS 4.4 | CWE-362 | v8, v9, +1 more | 2009-04-01
Race condition in the dircmp script in Sun Solaris 8 through 10, and OpenSolaris snv_01 through snv_111, allows local users to overwrite arbitrary files, probably involving a symlink attack on temporary files.
nvd
CVE-2009-0923 | HIGH | CVSS 7.8 | v10.0 | 2009-03-17
Unspecified vulnerability in Kerberos Incremental Propagation in Solaris 10 and OpenSolaris snv_01 through snv_110 allows remote attackers to cause a denial of service (loss of incremental propagation requests to slave KDC servers) via unknown vectors related to the master Key Distribution Center (KDC) server.
nvd
CVE-2009-0925 | MEDIUM | CVSS 4.7 | CWE-399 | v10.0 | 2009-03-17
Unspecified vulnerability in Sun Solaris 10 on SPARC sun4v systems, and OpenSolaris snv_47 through snv_85, allows local users to cause a denial of service (hang of UFS filesystem write) via unknown vectors related to the (1) ufs_getpage and (2) ufs_putapage routines, aka CR 6425723.
nvd
CVE-2009-0924 | MEDIUM | CVSS 4.7 | CWE-399 | v10.0 | 2009-03-17
Unspecified vulnerability in Sun OpenSolaris snv_39 through snv_45, when running in 64-bit mode on x86 architectures, allows local users to cause a denial of service (hang of UFS filesystem write) via unknown vectors related to the (1) ufs_getpage and (2) ufs_putapage routines, aka CR 6442712.
nvd
CVE-2009-0926 | MEDIUM | CVSS 4.9 | CWE-399 | v10 | 2009-03-17
Unspecified vulnerability in the UFS filesystem functionality in Sun OpenSolaris snv_86 through snv_91, when running in 32-bit mode on x86 systems, allows local users to cause a denial of service (panic) via unknown vectors related to the (1) ufs_getpage and (2) ufs_putapage routines, aka CR 6679732.
nvd
CVE-2009-0913 | MEDIUM | CVSS 4.7 | v10 | 2009-03-16
Unspecified vulnerability in the keysock kernel module in Solaris 10 and OpenSolaris builds snv_01 through snv_108 allows local users to cause a denial of service (system panic) via unknown vectors related to PF_KEY socket, probably related to setting socket options.
nvd
CVE-2009-0874 | MEDIUM | CVSS 4.9 | CWE-399 | v8, v9, +1 more | 2009-03-12
Multiple unspecified vulnerabilities in the Doors subsystem in the kernel in Sun Solaris 8 through 10, and OpenSolaris before snv_94, allow local users to cause a denial of service (process hang), or possibly bypass file permissions or gain kernel-context privileges, via vectors including ones related to (1) an argument handling deadlock in a door ser
nvd
CVE-2009-0875 | MEDIUM | CVSS 6.9 | CWE-362 | v8, v9, +1 more | 2009-03-12
Race condition in the Doors subsystem in the kernel in Sun Solaris 8 through 10, and OpenSolaris before snv_94, allows local users to cause a denial of service (process hang), or possibly bypass file permissions or gain kernel-context privileges, via vectors involving the time at which control is transferred from a caller to a door server.
nvd
CVE-2009-0872 | MEDIUM | CVSS 6.8 | CWE-264 | v10 | 2009-03-11
The NFS server in Sun Solaris 10, and OpenSolaris before snv_111, does not properly implement the AUTH_NONE (aka sec=none) security mode in combination with other security modes, which allows remote attackers to bypass intended access restrictions and read or modify files, as demonstrated by a combination of the AUTH_NONE and AUTH_SYS security modes.
nvd
CVE-2009-0873 | MEDIUM | CVSS 6.8 | CWE-264 | v10.0 | 2009-03-11
The NFS daemon (aka nfsd) in Sun Solaris 10 and OpenSolaris before snv_106, when NFSv3 is used, does not properly implement combinations of security modes, which allows remote attackers to bypass intended access restrictions and read or modify files, as demonstrated by a combination of the sec=sys and sec=krb5 security modes, related to modes that "ov
nvd
CVE-2009-0870 | MEDIUM | CVSS 4.7 | CWE-399 | v10.0 | 2009-03-10
The NFSv4 Server module in the kernel in Sun Solaris 10, and OpenSolaris before snv_111, allows local users to cause a denial of service (infinite loop and system hang) by accessing an hsfs filesystem that is shared through NFSv4, related to the rfs4_op_readdir function.
nvd
CVE-2009-0480 | MEDIUM | CVSS 4.9 | CWE-189 | v8, v9, +1 more | 2009-02-09
The IP implementation in Sun Solaris 8 through 10, and OpenSolaris before snv_82, uses an improper arena when allocating minor numbers for sockets, which allows local users to cause a denial of service (32-bit application failure and login outage) by opening a large number of sockets.
nvd
CVE-2008-6024 | MEDIUM | CVSS 5.4 | CWE-399 | v10 | 2009-02-02
Unspecified vulnerability in the NFSv4 client module in the kernel on Sun Solaris 10 and OpenSolaris before snv_37, when automountd is used, allows user-assisted remote attackers to cause a denial of service (unresponsive NFS filesystems) via unknown vectors.
nvd
CVE-2009-0346 | MEDIUM | CVSS 4.9 | CWE-310 | v9, v10 | 2009-01-29
The IP-in-IP packet processing implementation in the IPsec and IP stacks in the kernel in Sun Solaris 9 and 10, and OpenSolaris snv_01 through snv_85, allows local users to cause a denial of service (panic) via a self-encapsulated packet that lacks IPsec protection.
nvd
CVE-2009-0319 | MEDIUM | CVSS 6.9 | v8, v9, +1 more | 2009-01-28
Unspecified vulnerability in the autofs module in the kernel in Sun Solaris 8 through 10, and OpenSolaris before snv_108, allows local users to cause a denial of service (autofs mount outage) or possibly gain privileges via vectors related to "xdr processing problems."
nvd
CVE-2009-0304 | HIGH | CVSS 7.8 | PoC | v10 | 2009-01-27
The kernel in Sun Solaris 10 and 11 snv_101b, and OpenSolaris before snv_108, allows remote attackers to cause a denial of service (system crash) via a crafted IPv6 packet, related to an "insufficient validation security vulnerability," as demonstrated by SunOSipv6.c.
nvd
CVE-2009-0268 | MEDIUM | CVSS 4.9 | CWE-362 | v8, v9, +1 more | 2009-01-26
Race condition in the pseudo-terminal (aka pty) driver module in Sun Solaris 8 through 10, and OpenSolaris before snv_103, allows local users to cause a denial of service (panic) via unspecified vectors related to lack of "properly sequenced code" in ptc and ptsl.
nvd
CVE-2009-0267 | MEDIUM | CVSS 5.0 | v9, v10 | 2009-01-26
libike in Sun Solaris 9 and 10, and OpenSolaris before snv_100, does not properly check packets, which allows remote attackers to cause a denial of service (in.iked daemon crash) via an unspecified IKE packet, a different vulnerability than CVE-2007-2989.
nvd
CVE-2009-0167 | MEDIUM | CVSS 4.7 | v10.0 | 2009-01-16
Unspecified vulnerability in lpadmin in Sun Solaris 10 and OpenSolaris snv_61 through snv_106 allows local users to cause a denial of service via unspecified vectors, related to enumeration of "wrong printers," aka a "Temporary file vulnerability."
nvd
CVE-2009-0168 | MEDIUM | CVSS 4.9 | v10 | 2009-01-16
Unspecified vulnerability in ppdmgr in Sun Solaris 10 and OpenSolaris snv_61 through snv_106 allows local users to cause a denial of service via unspecified vectors, related to a failure to "include all cache files," and improper handling of temporary files.
nvd