| CVE | Vendors | Products | Updated | CVSS v3.1 |
| Buffer overflow in the libauth library in Solaris allows local users to gain additional privileges, possibly root access. |
| lpr on SunOS 4.1.1, BSD 4.3, A/UX 2.0.1, and other BSD-based operating systems allows local users to create or overwrite arbitrary files via a symlink attack that is triggered after invoking lpr 1000 times. |
| rmmount in SunOS 5.7 may mount file systems without the nosuid flag set, contrary to the documentation and its use in previous versions of SunOS, which could allow local users with physical access to gain root privileges by mounting a floppy or CD-ROM that contains a setuid program and running volcheck, when the file systems do not have the nosuid option specified in rmmount.conf. |
| In Solaris 2.2 and 2.3, when fsck fails on startup, it allows a local user with physical access to obtain root access. |
| Solaris rpc.mountd generates error messages that allow a remote attacker to determine what files are on the server. |
| Buffer overflow in Solaris fdformat command gives root access to local users. |
| Solaris chkperm allows local users to read files owned by bin via the VMSYS environmental variable and a symlink attack. |
| Buffer overflow in BNU UUCP daemon (uucpd) through long hostnames. |
| Automount daemon automountd allows local or remote users to gain privileges via shell metacharacters. |
| admintool in Solaris allows a local user to write to arbitrary files and gain root access. |
| Solaris arp allows local users to read files via the -f parameter, which lists lines in the file that do not parse properly. |
| Denial of service in BIND named via naptr. |
| SunOS/Solaris FTP clients can be forced to execute arbitrary commands from a malicious FTP server. |
| In Sun Solaris and SunOS, man and catman contain vulnerabilities that allow overwriting arbitrary files. |
| Buffer overflow in CDE mailtool allows local users to gain root privileges via a long MIME Content-Type. |
| Buffer overflow in SunOS/Solaris ps command. |
| The passwd command in Solaris can be subjected to a denial of service. |
| Buffer overflow in CDE dtmail and dtmailpr programs allows local users to gain privileges via a long -f option. |
| Denial of service in BIND by improperly closing TCP sessions via so_linger. |
| ypbind with -ypset and -ypsetme options activated in Linux Slackware and SunOS allows local and remote attackers to overwrite files via a .. (dot dot) attack. |