Sun Solaris vulnerabilities
429 known vulnerabilities affecting sun/solaris.
Total CVEs: 429
CISA KEV: 0
Public exploits: 98
Exploited in wild: 0
Severity breakdown: CRITICAL 49, HIGH 153, MEDIUM 172, LOW 55
Vulnerabilities
Page 4 of 22
CVE-2009-0132 | MEDIUM | CVSS 4.9 | CWE-189 | v8, v9, +1 more | 2009-01-15
Integer overflow in the aio_suspend function in Sun Solaris 8 through 10 and OpenSolaris, when 32-bit mode is enabled, allows local users to cause a denial of service (panic) via a large integer value in the second argument (aka nent argument).
nvd
CVE-2009-0069 | MEDIUM | CVSS 4.9 | CWE-399 | v10 | 2009-01-07
Unspecified vulnerability in the nfs4rename_persistent_fh function in the NFS 4 (aka NFSv4) client in the kernel in Sun Solaris 10 and OpenSolaris before snv_102 allows local users to cause a denial of service (recursive mutex_enter and panic) via unspecified vectors.
nvd
CVE-2008-5699 | MEDIUM | CVSS 4.6 | CWE-264 | v10.0 | 2008-12-22
The name service cache daemon (nscd) in Sun Solaris 10 and OpenSolaris snv_50 through snv_104 does not properly check permissions, which allows local users to gain privileges and obtain sensitive information via unspecified vectors.
nvd
CVE-2008-5689 | HIGH | CVSS 7.2 | PoC | CWE-399 | v10.0 | 2008-12-19
tun in IP Tunnel in Solaris 10 and OpenSolaris snv_01 through snv_76 allows local users to cause a denial of service (panic) and possibly execute arbitrary code via a crafted SIOCGTUNPARAM IOCTL request, which triggers a NULL pointer dereference.
nvd
CVE-2008-5684 | MEDIUM | CVSS 5.0 | CWE-399 | v8, v9, +1 more | 2008-12-19
Unspecified vulnerability in the X Inter Client Exchange library (aka libICE) in Sun Solaris 8 through 10 and OpenSolaris before snv_85 allows context-dependent attackers to cause a denial of service (application crash), as demonstrated by a port scan that triggers a segmentation violation in the Gnome session manager (aka gnome-session).
nvd
CVE-2008-5690 | LOW | CVSS 2.1 | CWE-255 | v8, v9, +1 more | 2008-12-19
The Kerberos credential renewal feature in Sun Solaris 8, 9, and 10, and OpenSolaris build snv_01 through snv_104, allows local users to cause a denial of service (authentication failure) via unspecified vectors related to incorrect cache file permissions, and lack of credential storage by the store_cred function in pam_krb5.
nvd
CVE-2008-5661 | MEDIUM | CVSS 5.4 | CWE-399 | v10 | 2008-12-17
The IPv4 Forwarding feature in Sun Solaris 10 and OpenSolaris snv_47 through snv_82, with certain patches installed, allows remote attackers to cause a denial of service (panic) via unknown vectors that trigger a NULL pointer dereference.
nvd
CVE-2008-5550 | MEDIUM | CVSS 4.3 | v10 | 2008-12-12
Open redirect vulnerability in console/faces/jsp/login/BeginLogin.jsp in Sun Java Web Console 3.0.2 through 3.0.5 and Solaris 10 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the redirect_url parameter.
nvd
CVE-2008-5410 | HIGH | CVSS 7.8 | CWE-310 | v10.0 | 2008-12-10
The PK11_SESSION cache in the OpenSSL PKCS#11 engine in Sun Solaris 10 does not maintain reference counts for operations with asymmetric keys, which allows context-dependent attackers to cause a denial of service (failed cryptographic operations) via unspecified vectors, related to the (1) RSA_sign and (2) RSA_verify functions.
nvd
CVE-2008-5133 | MEDIUM | CVSS 5.8 | v10 | 2008-11-18
ipnat in IP Filter in Sun Solaris 10 and OpenSolaris before snv_96, when running on a DNS server with Network Address Translation (NAT) configured, improperly changes the source port of a packet when the destination port is the DNS port, which allows remote attackers to bypass an intended CVE-2008-1447 protection mechanism and spoof the responses to DNS queri
nvd
CVE-2008-5111 | MEDIUM | CVSS 4.7 | v10 | 2008-11-17
Unspecified vulnerability in the socket function in Sun Solaris 10 and OpenSolaris snv_57 through snv_91, when InfiniBand hardware is not installed, allows local users to cause a denial of service (panic) via unknown vectors, related to the socksdpv_close function.
nvd
CVE-2008-5010 | CRITICAL | CVSS 10.0 | PoC | v8, v9, +1 more | 2008-11-10
in.dhcpd in the DHCP implementation in Sun Solaris 8 through 10, and OpenSolaris before snv_103, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via unknown DHCP requests related to the "number of offers," aka Bug ID 6713805.
nvd
CVE-2008-4556 | CRITICAL | CVSS 10.0 | PoC | CWE-119 | v8, v9 | 2008-10-14
Stack-based buffer overflow in the adm_build_path function in sadmind in Sun Solstice AdminSuite on Solaris 8 and 9 allows remote attackers to execute arbitrary code via a crafted request.
nvd
CVE-2008-4160 | MEDIUM | CVSS 4.7 | CWE-399 | v8, v9, +1 more | 2008-09-22
Unspecified vulnerability in the UFS module in Sun Solaris 8 through 10 and OpenSolaris allows local users to cause a denial of service (NULL pointer dereference and kernel panic) via unknown vectors related to the Solaris Access Control List (ACL) implementation.
nvd
CVE-2008-4131 | HIGH | CVSS 7.2 | PoC | CWE-264 | v8, v9, +1 more | 2008-09-19
Multiple unspecified vulnerabilities in Sun Solaris 8 through 10 allow local users to gain privileges via vectors related to handling of tags with (1) the -t option and (2) the :tag command in the (a) vi, (b) ex, (c) vedit, (d) view, and (e) edit programs.
nvd
CVE-2008-3875 | HIGH | CVSS 7.2 | CWE-264 | v8, v9, +1 more | 2008-09-02
The kernel in Sun Solaris 8 through 10 and OpenSolaris before snv_90 allows local users to bypass chroot, zones, and the Solaris Trusted Extensions multi-level security policy, and establish a covert communication channel, via unspecified vectors involving system calls.
nvd
CVE-2008-3838 | HIGH | CVSS 7.2 | CWE-20 | v10 | 2008-08-27
Unspecified vulnerability in the NFS Remote Procedure Calls (RPC) zones implementation in Sun Solaris 10 and OpenSolaris before snv_88 allows local administrators of non-global zones to read and modify NFS traffic for arbitrary non-global zones, possibly leading to file modifications or a denial of service.
nvd
CVE-2008-3839 | MEDIUM | CVSS 4.7 | v10 | 2008-08-27
Unspecified vulnerability in the NFS module in the kernel in Sun Solaris 10 and OpenSolaris snv_59 through snv_87, when configured as an NFS server without the nodevices option, allows local users to cause a denial of service (panic) via unspecified vectors.
nvd
CVE-2008-3666 | HIGH | CVSS 7.1 | v10 | 2008-08-13
Unspecified vulnerability in Sun Solaris 10 and OpenSolaris before snv_96 allows (1) context-dependent attackers to cause a denial of service (panic) via vectors involving creation of a crafted file and use of the sendfilev system call, as demonstrated by a file served by an Apache 2.2.x web server with EnableSendFile configured; and (2) local users to cause a
nvd
CVE-2008-0964 | CRITICAL | CVSS 9.3 | PoC | CWE-119 | v8, v9, +1 more | 2008-08-08
Multiple stack-based buffer overflows in snoop on Sun Solaris 8 through 10 and OpenSolaris before snv_96, when the -o option is omitted, allow remote attackers to execute arbitrary code via a crafted SMB packet.
nvd