Sun Sunos vulnerabilities

CVE-2003-0161 [CRITICAL] CVE-2003-0161: The prescan() function in the address parser (parseaddr.c) in Sendmail before 8.12.9 does not proper The prescan() function in the address parser (parseaddr.c) in Sendmail before 8.12.9 does not properly handle certain conversions from char and int types, which can cause a length check to be disabled when Sendmail misinterprets an input value as a special "NOCHAR" control value, allowing attackers to cause a denial of service and possibly execute arbitrary

CVE-2003-0091 [HIGH] CVE-2003-0091: Stack-based buffer overflow in the bsd_queue() function for lpq on Solaris 2.6 and 7 allows local us Stack-based buffer overflow in the bsd_queue() function for lpq on Solaris 2.6 and 7 allows local users to gain root privilege.

CVE-2003-0092 [HIGH] CVE-2003-0092: Heap-based buffer overflow in dtsession for Solaris 2.5.1 through Solaris 9 allows local users to ga Heap-based buffer overflow in dtsession for Solaris 2.5.1 through Solaris 9 allows local users to gain root privileges via a long HOME environment variable.

CVE-2003-0028 [HIGH] CVE-2003-0028: Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external d Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived from SunRPC, including libnsl, libc, glibc, and dietlibc, allows remote attackers to execute arbitrary code via certain integer values in length fields, a different vulnerability than CVE-2002-0391.

CVE-2002-1337 [CRITICAL] CWE-120 CVE-2002-1337: Buffer overflow in Sendmail 5.79 to 8.12.7 allows remote attackers to execute arbitrary code via cer Buffer overflow in Sendmail 5.79 to 8.12.7 allows remote attackers to execute arbitrary code via certain formatted address fields, related to sender and recipient header comments as processed by the crackaddr function of headers.c.

CVE-2003-0064 [HIGH] CVE-2003-0064: The dtterm terminal emulator allows attackers to modify the window title via a certain character esc The dtterm terminal emulator allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands.

CVE-2003-1078 [HIGH] CVE-2003-1078: The FTP client for Solaris 2.6, 7, and 8 with the debug (-d) flag enabled displays the user password The FTP client for Solaris 2.6, 7, and 8 with the debug (-d) flag enabled displays the user password on the screen during login.

CVE-2003-0058 [MEDIUM] CVE-2003-0058: MIT Kerberos V5 Key Distribution Center (KDC) before 1.2.5 allows remote authenticated attackers to MIT Kerberos V5 Key Distribution Center (KDC) before 1.2.5 allows remote authenticated attackers to cause a denial of service (crash) on KDCs within the same realm via a certain protocol request that causes a null dereference.

CVE-2003-1079 [MEDIUM] CVE-2003-1079: Unknown vulnerability in UDP RPC for Solaris 2.5.1 through 9 for SPARC, and 2.5.1 through 8 for x86, Unknown vulnerability in UDP RPC for Solaris 2.5.1 through 9 for SPARC, and 2.5.1 through 8 for x86, allows remote attackers to cause a denial of service (memory consumption) via certain arguments in RPC calls that cause large amounts of memory to be allocated.

CVE-2003-0027 [MEDIUM] CVE-2003-0027: Directory traversal vulnerability in Sun Kodak Color Management System (KCMS) library service daemon Directory traversal vulnerability in Sun Kodak Color Management System (KCMS) library service daemon (kcms_server) allows remote attackers to read arbitrary files via the KCS_OPEN_PROFILE procedure.

CVE-2003-1075 [MEDIUM] CVE-2003-1075: Unknown vulnerability in the FTP server (in.ftpd) for Solaris 2.6 through 9 allows remote attackers Unknown vulnerability in the FTP server (in.ftpd) for Solaris 2.6 through 9 allows remote attackers to cause a denial of service (temporary FTP server hang), which affects other active mode FTP clients.

CVE-2003-1071 [LOW] CVE-2003-1071: rpc.walld (wall daemon) for Solaris 2.6 through 9 allows local users to send messages to logged on u rpc.walld (wall daemon) for Solaris 2.6 through 9 allows local users to send messages to logged on users that appear to come from arbitrary user IDs by closing stderr before executing wall, then supplying a spoofed from header.

CVE-2002-1871 [HIGH] CVE-2002-1871: pkgadd in Sun Solaris 2.5.1 through 8 installs files setuid/setgid root if the pkgmap file contains pkgadd in Sun Solaris 2.5.1 through 8 installs files setuid/setgid root if the pkgmap file contains a "?" (question mark) in the (1) mode, (2) owner, or (3) group fields, which allows attackers to elevate privileges.

CVE-2002-1980 [HIGH] CVE-2002-1980: Buffer overflow in Volume Manager daemon (vold) of Sun Solaris 2.5.1 through 8 allows local users to Buffer overflow in Volume Manager daemon (vold) of Sun Solaris 2.5.1 through 8 allows local users to execute arbitrary code via unknown attack vectors.

CVE-2002-2197 [HIGH] CVE-2002-2197: Unknown vulnerability in Sun Solaris 8.0 allows local users to cause a denial of service (kernel pan Unknown vulnerability in Sun Solaris 8.0 allows local users to cause a denial of service (kernel panic) via a program that uses /dev/poll, triggering a NULL pointer dereference.

CVE-2002-1763 [MEDIUM] CVE-2002-1763: The dtscreen Sun Solaris 8 CDE screensaver crashes when the "Shift" and "Return" keys are pressed re The dtscreen Sun Solaris 8 CDE screensaver crashes when the "Shift" and "Return" keys are pressed repeatedly and quickly, which allows local users to access the current session.

CVE-2002-2203 [MEDIUM] CVE-2002-2203: Unknown vulnerability in the System Serial Console terminal in Solaris 2.5.1, 2.6, and 7 allows loca Unknown vulnerability in the System Serial Console terminal in Solaris 2.5.1, 2.6, and 7 allows local users to monitor keystrokes and possibly steal sensitive information.

CVE-2002-2327 [MEDIUM] CWE-264 CVE-2002-2327: Unspecified vulnerability in the environmental monitoring subsystem in Solaris 8 running on Sun Fire Unspecified vulnerability in the environmental monitoring subsystem in Solaris 8 running on Sun Fire 280R, V480 and V880 allows local users to cause a denial of service by setting volatile properties.

CVE-2002-1584 [CRITICAL] CVE-2002-1584: Unknown vulnerability in the AUTH_DES authentication for RPC in Solaris 2.5.1, 2.6, and 7, SGI IRIX Unknown vulnerability in the AUTH_DES authentication for RPC in Solaris 2.5.1, 2.6, and 7, SGI IRIX 6.5 to 6.5.19f, and possibly other platforms, allows remote attackers to gain privileges.

CVE-2002-1296 [HIGH] CVE-2002-1296: Directory traversal vulnerability in priocntl system call in Solaris does allows local users to exec Directory traversal vulnerability in priocntl system call in Solaris does allows local users to execute arbitrary code via ".." sequences in the pc_clname field of a pcinfo_t structure, which cause priocntl to load a malicious kernel module.