Sun Sunos vulnerabilities

CVE-1999-0134 [HIGH] CVE-1999-0134: vold in Solaris 2.x allows local users to gain root access. vold in Solaris 2.x allows local users to gain root access.

CVE-1999-1413 [MEDIUM] CVE-1999-1413: Solaris 2.4 before kernel jumbo patch -35 allows set-gid programs to dump core even if the real user Solaris 2.4 before kernel jumbo patch -35 allows set-gid programs to dump core even if the real user id is not in the set-gid group, which allows local users to overwrite or create files at higher privileges by causing a core dump, e.g. through dmesg.

CVE-1999-0136 [HIGH] CVE-1999-0136: Kodak Color Management System (KCMS) on Solaris allows a local user to write to arbitrary files and Kodak Color Management System (KCMS) on Solaris allows a local user to write to arbitrary files and gain root access.

CVE-1999-0135 [HIGH] CVE-1999-0135: admintool in Solaris allows a local user to write to arbitrary files and gain root access. admintool in Solaris allows a local user to write to arbitrary files and gain root access.

CVE-1999-0023 [HIGH] CVE-1999-0023: Local user gains root privileges via buffer overflow in rdist, via lookup() function. Local user gains root privileges via buffer overflow in rdist, via lookup() function.

CVE-1999-0022 [HIGH] CWE-125 CVE-1999-0022: Local user gains root privileges via buffer overflow in rdist, via expstr() function. Local user gains root privileges via buffer overflow in rdist, via expstr() function.

CVE-1999-0019 [MEDIUM] CVE-1999-0019: Delete or create a file via rpc.statd, due to invalid information. Delete or create a file via rpc.statd, due to invalid information.

CVE-1999-0078 [LOW] CVE-1999-0078: pcnfsd (aka rpc.pcnfsd) allows local users to change file permissions, or execute arbitrary commands pcnfsd (aka rpc.pcnfsd) allows local users to change file permissions, or execute arbitrary commands through arguments in the RPC call.

CVE-1999-0143 [MEDIUM] CVE-1999-0143: Kerberos 4 key servers allow a user to masquerade as another by breaking and generating session keys Kerberos 4 key servers allow a user to masquerade as another by breaking and generating session keys.

CVE-1999-0099 [CRITICAL] CVE-1999-0099: Buffer overflow in syslog utility allows local or remote attackers to gain root privileges. Buffer overflow in syslog utility allows local or remote attackers to gain root privileges.

CVE-1999-0164 [MEDIUM] CVE-1999-0164: A race condition in the Solaris ps command allows an attacker to overwrite critical files. A race condition in the Solaris ps command allows an attacker to overwrite critical files.

CVE-1999-1580 [HIGH] CVE-1999-1580: SunOS sendmail 5.59 through 5.65 uses popen to process a forwarding host argument, which allows loca SunOS sendmail 5.59 through 5.65 uses popen to process a forwarding host argument, which allows local users to gain root privileges by modifying the IFS (Internal Field Separator) variable and passing crafted values to the -oR option.

CVE-1999-1080 [HIGH] CVE-1999-1080: rmmount in SunOS 5.7 may mount file systems without the nosuid flag set, contrary to the documentati rmmount in SunOS 5.7 may mount file systems without the nosuid flag set, contrary to the documentation and its use in previous versions of SunOS, which could allow local users with physical access to gain root privileges by mounting a floppy or CD-ROM that contains a setuid program and running volcheck, when the file systems do not have the nosuid option specif

CVE-1999-1388 [MEDIUM] CVE-1999-1388: passwd in SunOS 4.1.x allows local users to overwrite arbitrary files via a symlink attack and the - passwd in SunOS 4.1.x allows local users to overwrite arbitrary files via a symlink attack and the -F command line argument.

CVE-1999-0120 [HIGH] CVE-1999-0120: Sun/Solaris utmp file allows local users to gain root access if it is writable by users other than r Sun/Solaris utmp file allows local users to gain root access if it is writable by users other than root.

CVE-1999-0211 [MEDIUM] CVE-1999-0211: Extra long export lists over 256 characters in some mount daemons allows NFS directories to be mount Extra long export lists over 256 characters in some mount daemons allows NFS directories to be mounted by anyone.

CVE-1999-0334 [HIGH] CVE-1999-0334: In Solaris 2.2 and 2.3, when fsck fails on startup, it allows a local user with physical access to o In Solaris 2.2 and 2.3, when fsck fails on startup, it allows a local user with physical access to obtain root access.

CVE-1999-1137 [LOW] CVE-1999-1137: The permissions for the /dev/audio device on Solaris 2.2 and earlier, and SunOS 4.1.x, allow any loc The permissions for the /dev/audio device on Solaris 2.2 and earlier, and SunOS 4.1.x, allow any local user to read from the device, which could be used by an attacker to monitor conversations happening near a machine that has a microphone.

CVE-1999-1318 [HIGH] CVE-1999-1318: /usr/5bin/su in SunOS 4.1.3 and earlier uses a search path that includes the current working directo /usr/5bin/su in SunOS 4.1.3 and earlier uses a search path that includes the current working directory (.), which allows local users to gain privileges via Trojan horse programs.

CVE-1999-1507 [HIGH] CVE-1999-1507: Sun SunOS 4.1 through 4.1.3 allows local attackers to gain root access via insecure permissions on f Sun SunOS 4.1 through 4.1.3 allows local attackers to gain root access via insecure permissions on files and directories such as crash.