Sun Sunos vulnerabilities
537 known vulnerabilities affecting sun/sunos.
Total CVEs: 537
CISA KEV: 0
Public exploits: 105
Exploited in wild: 0
Severity breakdown: CRITICAL 51, HIGH 178, MEDIUM 217, LOW 91
Vulnerabilities
Page 19 of 27
CVE-2002-0572 [HIGH] | CVSS 7.2 | PoC | v5.5.1, v5.7, +1 more | 2002-07-03
FreeBSD 4.5 and earlier, and possibly other BSD-based operating systems, allows local users to write to or read from restricted files by closing the file descriptors 0 (standard input), 1 (standard output), or 2 (standard error), which may then be reused by a called setuid process that intended to perform I/O on normal files.
nvd
CVE-2002-0089 [HIGH] | CVSS 7.2 | v5.5, v5.5.1, +1 more | 2002-03-15
Buffer overflow in admintool in Solaris 2.5 through 8 allows local users to gain root privileges via long arguments to (1) the -d command line option, or (2) the PRODVERS argument in the .cdtoc file.
nvd
CVE-2002-0084 [HIGH] | CVSS 7.2 | v5.7 | 2002-03-15
Buffer overflow in the fscache_setup function of cachefsd in Solaris 2.6, 7, and 8 allows local users to gain root privileges via a long mount argument.
nvd
CVE-2002-0088 [HIGH] | CVSS 7.2 | v5.7 | 2002-03-15
Buffer overflow in admintool in Solaris 2.6, 7, and 8 allows local users to gain root privileges via a long media installation path.
nvd
CVE-2002-0085 [MEDIUM] | CVSS 5.0 | v5.7 | 2002-03-15
cachefsd in Solaris 2.6, 7, and 8 allows remote attackers to cause a denial of service (crash) via an invalid procedure call in an RPC request.
nvd
CVE-2001-1583 [CRITICAL] | CVSS 10.0 | PoC | ≤ 5.9 | 2001-12-31
lpd daemon (in.lpd) in Solaris 8 and earlier allows remote attackers to execute arbitrary commands via a job request with a crafted control file that is not properly handled when lpd invokes a mail program. NOTE: this might be the same vulnerability as CVE-2000-1220.
nvd
CVE-2001-1582 [HIGH] | CWE-119 | CVSS 7.2 | PoC | v5.8 | 2001-12-31
Buffer overflow in the LDAP naming services library (libsldap) in Sun Solaris 8 allows local users to execute arbitrary code via a long LDAP_OPTIONS environment variable to a privileged program that uses libsldap.
nvd
CVE-2001-1555 [MEDIUM] | CVSS 4.6 | v5.8 | 2001-12-31
pt_chmod in Solaris 8 does not call fdetach to reset terminal privileges when users log out of terminals, which allows local users to write to other users' terminals by modifying the ACL of a TTY.
nvd
CVE-2001-1503 [LOW] | CVSS 2.1 | v5.5, v5.5.1, +3 more | 2001-12-31
The finger daemon (in.fingerd) in Sun Solaris 2.5 through 8 and SunOS 5.5 through 5.8 allows remote attackers to list all accounts on a host by typing finger 'a b c d e f g h'@host.
nvd
CVE-2001-0797 [CRITICAL] | CVSS 10.0 | PoC | v5.0, v5.1, +7 more | 2001-12-12
Buffer overflow in login in various System V based operating systems allows remote attackers to execute arbitrary commands via a large number of arguments through services such as telnet and rlogin.
nvd
CVE-2001-0652 [HIGH] | CVSS 7.2 | PoC | ≤ 5.9 | 2001-10-30
Heap overflow in xlock in Solaris 2.6 through 8 allows local users to gain root privileges via a long (1) XFILESEARCHPATH or (2) XUSERFILESEARCHPATH environmental variable.
nvd
CVE-2001-0779 [CRITICAL] | CVSS 10.0 | PoC | v5.7, v5.8 | 2001-10-18
Buffer overflow in rpc.yppasswdd (yppasswd server) in Solaris 2.6, 7 and 8 allows remote attackers to gain root access via a long username.
nvd
CVE-2001-1414 [HIGH] | CVSS 7.5 | v5.5.1, v5.7, +1 more | 2001-10-09
The Basic Security Module (BSM) for Solaris 2.5.1, 2.6, 7, and 8 does not log anonymous FTP access, which allows remote attackers to hide their activities, possibly when certain BSM audit files are not present under the FTP root.
nvd
CVE-2001-0699 [HIGH] | CVSS 7.2 | v5.8 | 2001-09-20
Buffer overflow in cb_reset in the System Service Processor (SSP) package of SunOS 5.8 allows a local user to execute arbitrary code via a long argument.
nvd
CVE-2001-0554 [CRITICAL] | CWE-120 | CVSS 10.0 | PoC | v5.0, v5.1, +7 more | 2001-08-14
Buffer overflow in BSD-based telnetd telnet daemon on various operating systems allows remote attackers to execute arbitrary commands via a set of options including AYT (Are You There), which is not properly handled by the telrcv function.
nvd
CVE-2001-0548 [MEDIUM] | CVSS 4.6 | PoC | v5.7 | 2001-08-14
Buffer overflow in dtmail in Solaris 2.6 and 7 allows local users to gain privileges via the MAIL environment variable.
nvd
CVE-2001-0565 [MEDIUM] | CVSS 4.6 | PoC | ≤ 5.9, v5.5, +2 more | 2001-08-14
Buffer overflow in mailx in Solaris 8 and earlier allows a local attacker to gain additional privileges via a long '-F' command line option.
nvd
CVE-2001-0594 [MEDIUM] | CVSS 4.6 | PoC | v5.7, v5.8 | 2001-08-02
kcms_configure as included with Solaris 7 and 8 allows a local attacker to gain additional privileges via a buffer overflow in a command line argument.
nvd
CVE-2001-0595 [MEDIUM] | CVSS 4.6 | PoC | v5.7, v5.8 | 2001-08-02
Buffer overflow in the kcsSUNWIOsolf.so library in Solaris 7 and 8 allows local attackers to execute arbitrary commands via the KCMS_PROFILES environment variable, e.g. as demonstrated using the kcms_configure program.
nvd
CVE-2001-0353 [CRITICAL] | CVSS 10.0 | v5.7, v5.8 | 2001-07-21
Buffer overflow in the line printer daemon (in.lpd) for Solaris 8 and earlier allows local and remote attackers to gain root privileges via a "transfer job" routine.
nvd