Sun Sunos vulnerabilities

537 known vulnerabilities affecting sun/sunos.

Total CVEs: 537
CISA KEV: 0
Public exploits: 100
Exploited in wild: 0
Severity breakdown: CRITICAL 51, HIGH 178, MEDIUM 217, LOW 91

Vulnerabilities

Page 12 of 27
CVE-2007-2529 | HIGH | CVSS 7.2 | v5.10 | 2007-05-09
Integer signedness error in the acl (facl) system call in Solaris 10 before 20070507 allows local users to cause a denial of service (kernel panic) and possibly gain privileges via a certain argument, related to ACE_SETACL.
nvd
CVE-2007-2465 | MEDIUM | CVSS 4.7 | v5.9 | 2007-05-02
Unspecified vulnerability in Sun Solaris 9, when Solaris Auditing (BSM) is enabled for file read, write, attribute modify, create, or delete audit classes, allows local users to cause a denial of service (panic) via unknown vectors, possibly related to the audit_savepath function.
nvd
CVE-2007-2045 | MEDIUM | CVSS 5.0 | v5.8, v5.9 | 2007-04-16
Unspecified vulnerability in the IP implementation in Sun Solaris 8 and 9 allows remote attackers to cause a denial of service (CPU consumption) via crafted IP packets, probably related to fragmented packets with duplicate or missing fragments.
nvd
CVE-2006-7140 | MEDIUM | CVSS 5.8 | v5.9 | 2007-03-07
The libike library, as used by in.iked, elfsign, and kcfd in Sun Solaris 9 and 10, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents libike from correctly verifying X.509 and other certificates that use PKCS #1, a s
nvd
CVE-2006-7028 | HIGH | CVSS 7.8 | v5.7, v5.8 | 2007-02-23
Single CPU Sun systems running Solaris 7, 8, or 9, such as Netra, allows remote attackers to cause a denial of service (console hang) via a flood of small TCP/IP packets. NOTE: this issue has not been replicated by third parties. In addition, the cause is unknown, although it might be related to "jabber" and generation of a large amount of interrupts within the
nvd
CVE-2007-0895 | LOW | CVSS 2.6 | v5.8 | 2007-02-13
Race condition in recursive directory deletion with the (1) -r or (2) -R option in rm in Solaris 8 through 10 before 20070208 allows local users to delete files and directories as the user running rm by moving a low-level directory to a higher level as it is being deleted, which causes rm to chdir to a ".." directory that is higher than expected, possibly up to
nvd
CVE-2007-0882 | CRITICAL | CVSS 10.0 | CWE-88 | PoC | v5.10, v5.11 | 2007-02-12
Argument injection vulnerability in the telnet daemon (in.telnetd) in Solaris 10 and 11 (SunOS 5.10 and 5.11) misinterprets certain client "-f" sequences as valid requests for the login program to skip authentication, which allows remote attackers to log into certain accounts, as demonstrated by the bin account.
nvd
CVE-2007-0503 | MEDIUM | CVSS 6.9 | v5.8 | 2007-01-25
Unspecified vulnerability in kcms_calibrate in Sun Solaris 8 and 9 before 20071122 allows local users to execute arbitrary commands via unknown vectors.
nvd
CVE-2007-0470 | HIGH | CVSS 7.2 | v5.8 | 2007-01-24
Multiple unspecified vulnerabilities in tip in Sun Solaris 8, 9, and 10 allow local users to gain uucp account privileges via unspecified vectors.
nvd
CVE-2007-0165 | HIGH | CVSS 7.8 | PoC | v5.8 | 2007-01-10
Unspecified vulnerability in libnsl in Sun Solaris 8 and 9 allows remote attackers to cause a denial of service (crash) via malformed RPC requests that trigger a crash in rpcbind.
nvd
CVE-2006-6494 | MEDIUM | CVSS 6.6 | v5.8 | 2006-12-13
Directory traversal vulnerability in ld.so.1 in Sun Solaris 8, 9, and 10 allows local users to execute arbitrary code via a .. (dot dot) sequence in the LANG environment variable that points to a locale file containing attacker-controlled format string specifiers.
nvd
CVE-2006-6495 | MEDIUM | CVSS 6.6 | v5.8 | 2006-12-13
Stack-based buffer overflow in ld.so.1 in Sun Solaris 8, 9, and 10 allows local users to execute arbitrary code via large precision padding values in a format string specifier in the format parameter of the doprf function. NOTE: this issue normally does not cross privilege boundaries, except in cases of external introduction of malicious message files, or if
nvd
CVE-2006-6275 | MEDIUM | CVSS 4.7 | CWE-362 | v5.8 | 2006-12-04
Race condition in the kernel in Sun Solaris 8 through 10 allows local users to cause a denial of service (panic) via unspecified vectors, possibly related to the exitlwps function and SIGKILL and /proc PCAGENT signals.
nvd
CVE-2006-5201 | MEDIUM | CVSS 4.0 | v5.8 | 2006-10-10
Multiple packages on Sun Solaris, including (1) NSS; (2) Java JDK and JRE 5.0 Update 8 and earlier, SDK and JRE 1.4.x up to 1.4.2_12, and SDK and JRE 1.3.x up to 1.3.1_19; (3) JSSE 1.0.3_03 and earlier; (4) IPSec/IKE; (5) Secure Global Desktop; and (6) StarOffice, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which all
nvd
CVE-2006-5214 | LOW | CVSS 1.2 | v5.8 | 2006-10-10
Race condition in the Xsession script, as used by X Display Manager (xdm) in NetBSD before 20060212, X.Org before 20060225, and Solaris 8 through 10 before 20061006, causes a user's Xsession errors file to have weak permissions before a chmod is performed, which allows local users to read Xsession errors files of other users.
nvd
CVE-2006-5215 | LOW | CVSS 2.6 | v5.8, v5.9 | 2006-10-10
The Xsession script, as used by X Display Manager (xdm) in NetBSD before 20060212, X.Org before 20060317, and Solaris 8 through 10 before 20061006, allows local users to overwrite arbitrary files, or read another user's Xsession errors file, via a symlink attack on a /tmp/xses-$USER file.
nvd
CVE-2006-5073 | HIGH | CVSS 7.8 | v5.8 | 2006-09-29
Unspecified vulnerability in Sun Solaris 8, 9 and 10 allows remote attackers to cause a denial of service (panic) via crafted IPv6 packets, a different vulnerability than CVE-2006-5013.
nvd
CVE-2006-5012 | MEDIUM | CVSS 6.6 | v5.8, v5.9, +1 more | 2006-09-27
Unspecified vulnerability in Sun Solaris 8, 9, and 10 before 20060925 allows local users to cause a denial of service (disable syslog) and prevent security messages from being logged via unspecified vectors.
nvd
CVE-2006-4319 | HIGH | CVSS 7.2 | v5.8, v5.9, +1 more | 2006-08-24
Buffer overflow in the format command in Solaris 8, 9, and 10 allows local users with access to format (such as the "File System Management" RBAC profile) to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2006-4307.
nvd
CVE-2006-4307 | HIGH | CVSS 7.2 | v5.8 | 2006-08-23
Unspecified vulnerability in the format command in Sun Solaris 8 and 9 before 20060821 allows local users to modify arbitrary files via unspecified vectors involving profiles that permit running format with elevated privileges, a different issue than CVE-2006-4306 and CVE-2006-4319.
nvd