Sun Sunos vulnerabilities

CVE-2000-0407 [HIGH] CVE-2000-0407: Buffer overflow in Solaris netpr program allows local users to execute arbitrary commands via a long Buffer overflow in Solaris netpr program allows local users to execute arbitrary commands via a long -p option.

CVE-2000-0317 [HIGH] CVE-2000-0317: Buffer overflow in Solaris 7 lpset allows local users to gain root privileges via a long -r option. Buffer overflow in Solaris 7 lpset allows local users to gain root privileges via a long -r option.

CVE-2000-0316 [HIGH] CVE-2000-0316: Buffer overflow in Solaris 7 lp allows local users to gain root privileges via a long -d option. Buffer overflow in Solaris 7 lp allows local users to gain root privileges via a long -d option.

CVE-2000-0337 [HIGH] CVE-2000-0337: Buffer overflow in Xsun X server in Solaris 7 allows local users to gain root privileges via a long Buffer overflow in Xsun X server in Solaris 7 allows local users to gain root privileges via a long -dev parameter.

CVE-2000-0055 [HIGH] CVE-2000-0055: Buffer overflow in Solaris chkperm command allows local users to gain root access via a long -n opti Buffer overflow in Solaris chkperm command allows local users to gain root access via a long -n option.

CVE-1999-1584 [CRITICAL] CVE-1999-1584: Unknown vulnerability in (1) loadmodule, and (2) modload if modload is installed with setuid/setgid Unknown vulnerability in (1) loadmodule, and (2) modload if modload is installed with setuid/setgid privileges, in SunOS 4.1.1 through 4.1.3c, and Open Windows 3.0, allows local users to gain root privileges via environment variables, a different vulnerability than CVE-1999-1586.

CVE-1999-1585 [HIGH] CVE-1999-1585: The (1) rcS and (2) mountall programs in Sun Solaris 2.x, possibly before 2.4, start a privileged sh The (1) rcS and (2) mountall programs in Sun Solaris 2.x, possibly before 2.4, start a privileged shell on the system console if fsck fails while the system is booting, which allows attackers with physical access to gain root privileges.

CVE-1999-1586 [HIGH] CVE-1999-1586: loadmodule in SunOS 4.1.x, as used by xnews, does not properly sanitize its environment, which allow loadmodule in SunOS 4.1.x, as used by xnews, does not properly sanitize its environment, which allows local users to gain privileges, a different vulnerability than CVE-1999-1584.

CVE-1999-1102 [LOW] CVE-1999-1102: lpr on SunOS 4.1.1, BSD 4.3, A/UX 2.0.1, and other BSD-based operating systems allows local users to lpr on SunOS 4.1.1, BSD 4.3, A/UX 2.0.1, and other BSD-based operating systems allows local users to create or overwrite arbitrary files via a symlink attack that is triggered after invoking lpr 1000 times.

CVE-1999-1587 [LOW] CVE-1999-1587: /usr/ucb/ps in Sun Microsystems Solaris 8 and 9, and certain earlier releases, allows local users to /usr/ucb/ps in Sun Microsystems Solaris 8 and 9, and certain earlier releases, allows local users to view the environment variables and values of arbitrary processes via the -e option.

CVE-2000-0032 [CRITICAL] CVE-2000-0032: Solaris dmi_cmd allows local users to crash the dmispd daemon by adding a malformed file to the /var Solaris dmi_cmd allows local users to crash the dmispd daemon by adding a malformed file to the /var/dmi/db database.

CVE-2000-0030 [MEDIUM] CVE-2000-0030: Solaris dmispd dmi_cmd allows local users to fill up restricted disk space by adding files to the /v Solaris dmispd dmi_cmd allows local users to fill up restricted disk space by adding files to the /var/dmi/db database.

CVE-1999-0977 [CRITICAL] CVE-1999-0977: Buffer overflow in Solaris sadmind allows remote attackers to gain root privileges using a NETMGT_PR Buffer overflow in Solaris sadmind allows remote attackers to gain root privileges using a NETMGT_PROC_SERVICE request.

CVE-1999-0974 [CRITICAL] CVE-1999-0974: Buffer overflow in Solaris snoop allows remote attackers to gain root privileges via GETQUOTA reques Buffer overflow in Solaris snoop allows remote attackers to gain root privileges via GETQUOTA requests to the rpc.rquotad service.

CVE-1999-0973 [CRITICAL] CVE-1999-0973: Buffer overflow in Solaris snoop program allows remote attackers to gain root privileges via a long Buffer overflow in Solaris snoop program allows remote attackers to gain root privileges via a long domain name when snoop is running in verbose mode.

CVE-1999-0860 [LOW] CVE-1999-0860: Solaris chkperm allows local users to read files owned by bin via the VMSYS environmental variable a Solaris chkperm allows local users to read files owned by bin via the VMSYS environmental variable and a symlink attack.

CVE-1999-0859 [LOW] CVE-1999-0859: Solaris arp allows local users to read files via the -f parameter, which lists lines in the file tha Solaris arp allows local users to read files via the -f parameter, which lists lines in the file that do not parse properly.

CVE-1999-0841 [HIGH] CVE-1999-0841: Buffer overflow in CDE mailtool allows local users to gain root privileges via a long MIME Content-T Buffer overflow in CDE mailtool allows local users to gain root privileges via a long MIME Content-Type.

CVE-1999-0840 [HIGH] CVE-1999-0840: Buffer overflow in CDE dtmail and dtmailpr programs allows local users to gain privileges via a long Buffer overflow in CDE dtmail and dtmailpr programs allows local users to gain privileges via a long -f option.

CVE-1999-0818 [HIGH] CVE-1999-0818: Buffer overflow in Solaris kcms_configure via a long NETPATH environmental variable. Buffer overflow in Solaris kcms_configure via a long NETPATH environmental variable.