| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Denial of Service vulnerability in BIND 8 Releases via maliciously formatted DNS messages. |
| FTP servers can allow an attacker to connect to arbitrary ports on machines other than the FTP client, aka FTP bounce. |
| Solaris ufsrestore buffer overflow. |
| Sun/Solaris utmp file allows local users to gain root access if it is writable by users other than root. |
| rpc.statd allows remote attackers to forward RPC calls to the local operating system via the SM_MON and SM_NOTIFY commands, which in turn could be used to remotely exploit other bugs such as in automountd. |
| lpd daemon (in.lpd) in Solaris 8 and earlier allows remote attackers to execute arbitrary commands via a job request with a crafted control file that is not properly handled when lpd invokes a mail program. NOTE: this might be the same vulnerability as CVE-2000-1220. |
| The BSD profil system call allows a local user to modify the internal data space of a program via profiling and execve. |
| sdtcm_convert in Solaris 2.6 allows a local user to overwrite sensitive files via a symlink attack. |
| Buffer overflow in admintool in Solaris 2.6, 7, and 8 allows local users to gain root privileges via a long media installation path. |
| Buffer overflow in BIND 8.2 via NXT records. |
| Integer overflow in xdr_array function in RPC servers for operating systems that use libc, glibc, or other code based on SunRPC including dietlibc, allows remote attackers to execute arbitrary code by passing a large number of arguments to xdr_array through RPC services such as rpc.cmsd and dmispd. |
| Format string vulnerability in RPC wall daemon (rpc.rwalld) for Solaris 2.5.1 through 8 allows remote attackers to execute arbitrary code via format strings in a message that is not properly provided to the syslog function when the wall command cannot be executed. |
| Denial of Service vulnerabilities in BIND 4.9 and BIND 8 Releases via CNAME record and zone transfer. |
| CDE ToolTalk database server (ttdbserver) allows remote attackers to overwrite arbitrary memory locations with a zero, and possibly gain privileges, via a file descriptor argument in an AUTH_UNIX procedure call, which is used as a table index by the _TT_ISCLOSE procedure. |
| Buffer overflow in Common Desktop Environment (CDE) ToolTalk RPC database server (rpc.ttdbserverd) allows remote attackers to execute arbitrary code via an argument to the _TT_CREATE_FILE procedure. |
| The passwd command in Solaris can be subjected to a denial of service. |
| Automount daemon automountd allows local or remote users to gain privileges via shell metacharacters. |
| Extra long export lists over 256 characters in some mount daemons allows NFS directories to be mounted by anyone. |
| Solaris rpc.mountd generates error messages that allow a remote attacker to determine what files are on the server. |
| libnsl in Solaris allowed an attacker to perform a denial of service of rpcbind. |
