Sun Solaris vulnerabilities

429 known vulnerabilities affecting sun/solaris.

Total CVEs: 429
CISA KEV: 0
Public exploits: 98
Exploited in wild: 0
Severity breakdown: CRITICAL 49, HIGH 153, MEDIUM 172, LOW 55

Vulnerabilities

Page 6 of 22
CVE-2008-0933 | MEDIUM | CVSS 4.7 | v10.0 | 2008-02-25
CWE-362. Multiple race conditions in the CPU Performance Counters (cpc) subsystem in the kernel in Sun Solaris 10 allow local users to cause a denial of service (panic) via unspecified vectors related to kcpc_unbind and kcpc_restore.
nvd
CVE-2008-0836 | MEDIUM | CVSS 4.9 | v9, v10 | 2008-02-20
Unspecified vulnerability in the vuidmice STREAMS modules in Sun Solaris 9 and 10 on x86 architectures allows local users to cause a denial of service (panic) via unspecified vectors that trigger a NULL pointer dereference in the vuid3ps2 module, a different issue than CVE-2007-5319.
nvd
CVE-2008-0730 | MEDIUM | CVSS 4.6 | v10 | 2008-02-12
CWE-264. The (1) Simplified Chinese, (2) Traditional Chinese, (3) Korean, and (4) Thai language input methods in Sun Solaris 10 create files and directories with weak permissions under (a) .iiim/le and (b) .Xlocale in home directories, which might allow local users to write to, or read from, the home directories of other users.
nvd
CVE-2008-0718 | MEDIUM | CVSS 4.7 | v9, v10 | 2008-02-12
CWE-20. Unspecified vulnerability in the USB Mouse STREAMS module (usbms) in Sun Solaris 9 and 10, when 64-bit mode is enabled, allows local users to cause a denial of service (panic) via unspecified vectors.
nvd
CVE-2008-0242 | HIGH | CVSS 7.2 | v10.0 | 2008-01-12
Unspecified vulnerability in libdevinfo in Sun Solaris 10 allows local users to access files and gain privileges via unknown vectors, related to login device permissions.
nvd
CVE-2007-6505 | LOW | CVSS 3.5 | v9 | 2007-12-20
CWE-16. Solaris 9, with Solaris Auditing enabled and certain patches for sshd installed, can generate audit records with an audit-ID of 0 even when the user logging into ssh is not root, which makes it easier for attackers to avoid detection and can make it more difficult to conduct forensics activities.
nvd
CVE-2007-6413 | CRITICAL | CVSS 9.3 | v10 | 2007-12-17
CWE-264. Sun Solaris 10 with the 120011-04 and 120012-04 patches, and later 120011-* and 120012-* patches, allows remote attackers to bypass certain netgroup restrictions and obtain root access to a filesystem via NFS requests from a client root user.
nvd
CVE-2007-6216 | MEDIUM | CVSS 4.7 | v10 | 2007-12-04
CWE-362. Race condition in the Fibre Channel protocol (fcp) driver and Devices filesystem (devfs) in Sun Solaris 10 allows local users to cause a denial of service (system hang) via some programs that access hardware resources, as demonstrated by the (1) cfgadm and (2) format programs.
nvd
CVE-2007-6225 | MEDIUM | CVSS 4.9 | v10 | 2007-12-04
Unspecified vulnerability in Sun Solaris 10, when 64bit mode is used on the x86 platform, allows local users in a Linux (lx) branded zone to cause a denial of service (panic) via unspecified vectors.
nvd
CVE-2007-6180 | HIGH | CVSS 7.6 | v8.0, v9.0, +1 more | 2007-11-30
CWE-362. Race condition in the Remote Procedure Call kernel module (rpcmod) in Sun Solaris 8 through 10 allows local users to cause a denial of service (NULL dereference and panic) via unspecified vectors.
nvd
CVE-2007-5716 | HIGH | CVSS 7.8 | v10.0 | 2007-10-30
Unspecified vulnerability in the Internet Protocol (IP) functionality in Sun Solaris 10 allows local users to cause a denial of service (panic) via unspecified vectors, probably related to a UDP packet.
nvd
CVE-2007-5726 | MEDIUM | CVSS 6.8 | v10.0 | 2007-10-30
Unspecified vulnerability in the Stream Control Transmission Protocol (sctp) functionality in Sun Solaris 10, when at least one SCTP socket is in the LISTEN state, allows remote attackers to cause a denial of service (panic) via unspecified vectors related to "INIT processing."
nvd
CVE-2007-5632 | MEDIUM | CVSS 4.9 | v8.0, v9.0, +1 more | 2007-10-23
Multiple unspecified vulnerabilities in the kernel in Sun Solaris 8 through 10 allow local users to cause a denial of service (panic), related to the support for retrieval of kernel statistics, and possibly related to the sfmmu_mlspl_enter or sfmmu_mlist_enter functions.
nvd
CVE-2007-5462 | HIGH | CVSS 7.8 | v8.0, v9.0, +1 more | 2007-10-15
CWE-20. Unspecified vulnerability in the Sun Solaris RPC services library (librpcsvc) on Solaris 8 through 10 allows remote attackers to cause a denial of service (mountd crash) via unspecified packets to a server that exports many filesystems, and allows local users to cause a denial of service (automountd crash) via unspecified requests to mount filesystems fr
nvd
CVE-2007-5365 | HIGH | CVSS 7.2 | PoC | v8.0, v9.0, +1 more | 2007-10-11
CWE-119. Stack-based buffer overflow in the cons_options function in options.c in dhcpd in OpenBSD 4.0 through 4.2, and some other dhcpd implementations based on ISC dhcp-2, allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a DHCP request specifying a maximum message size smaller than the minimum IP MTU.
nvd
CVE-2007-5368 | MEDIUM | CVSS 4.9 | v10.0 | 2007-10-11
Multiple unspecified vulnerabilities in labeld in Trusted Extensions in Sun Solaris 10 allow local users to cause a denial of service (multiple application hang) via unspecified vectors.
nvd
CVE-2007-5367 | MEDIUM | CVSS 4.9 | v10.0 | 2007-10-11
CWE-399. Unspecified vulnerability in the Virtual File System (VFS) in Sun Solaris 10 allows local users to cause a denial of service (kernel memory consumption) via unspecified vectors.
nvd
CVE-2007-5319 | LOW | CVSS 3.5 | v8.0, v9.0, +1 more | 2007-10-09
Unspecified vulnerability in the vuidmice STREAMS modules in Sun Solaris 8, 9, and 10 allows local users with console (/dev/console) access to cause a denial of service ("unusable" system console) via unspecified vectors.
nvd
CVE-2007-5118 | MEDIUM | CVSS 4.7 | v8.0, v9.0, +1 more | 2007-09-27
Unspecified vulnerability in the HID (Human Interface Device) class driver in Sun Solaris 8, 9, and 10 before 20070925 allows local users to cause a denial of service (panic) via unspecified vectors.
nvd
CVE-2007-5132 | MEDIUM | CVSS 4.9 | v8.0, v9.0, +1 more | 2007-09-27
CWE-362. Race condition in the kernel in Sun Solaris 8 through 10 allows local users to cause a denial of service (panic) via unspecified vectors related to "the handling of thread contexts."
nvd