| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Buffer overflow in lpr, as used in BSD-based systems including Linux, allows local users to execute arbitrary code as root via a long -C (classification) command line option. |
| The squeue_drain function in Sun Solaris 10, possibly only when run on CMT processors, allows remote attackers to cause a denial of service ("bad trap" and system panic) by opening and closing a large number of TCP connections ("heavy TCP/IP loads"). NOTE: the original report specifies the function name as "drain_squeue," but this is likely incorrect. |
| Unknown vulnerability in conv_fix in Sun Solaris 7 through 9, when invoked by conv_lpd, allows local users to overwrite arbitrary files. |
| Buffer overflow in SunOS/Solaris ps command. |
| The FTP client for Solaris 2.6, 7, and 8 with the debug (-d) flag enabled displays the user password on the screen during login. |
| Command execution in Sun systems via buffer overflow in the at program. |
| A race condition in the Solaris ps command allows an attacker to overwrite critical files. |
| The portmapper may act as a proxy and redirect service requests from an attacker, making the request appear to come from the local host, possibly bypassing authentication that would otherwise have taken place. For example, NFS file systems could be mounted through the portmapper despite export restrictions. |
| Unknown vulnerability in the FTP server (in.ftpd) for Solaris 2.6 through 9 allows remote attackers to cause a denial of service (temporary FTP server hang), which affects other active mode FTP clients. |
| The ToolTalk ttsession daemon uses weak RPC authentication, which allows a remote attacker to execute commands. |
| Buffer overflow in arp command in Solaris 7 and earlier allows local users to execute arbitrary commands via a long -f parameter. |
| Buffer overflow in Solaris kcms_configure via a long NETPATH environmental variable. |
| Denial of service in Solaris TCP streams driver via a malicious connection that causes the server to panic as a result of recursive calls to mutex_enter. |
| Buffer overflow in (1) pluggable authentication module (PAM) on Solaris 2.5.1 and 2.5 and (2) unix_scheme in Solaris 2.4 and 2.3 allows local users to gain root privileges via programs that use these modules such as passwd, yppasswd, and nispasswd. |
| The access permissions for a UNIX domain socket are ignored in Solaris 2.x and SunOS 4.x, and other BSD-based operating systems before 4.4, which could allow local users to connect to the socket and possibly disrupt or control the operations of the program using that socket. |
| Solaris 2.4 before kernel jumbo patch -35 allows set-gid programs to dump core even if the real user id is not in the set-gid group, which allows local users to overwrite or create files at higher privileges by causing a core dump, e.g. through dmesg. |
| Vulnerability in /bin/mail in SunOS 4.1.1 and earlier allows local users to gain root privileges via certain command line arguments. |
| Buffer overflow in nlps_server in Sun Solaris x86 2.4, 2.5, and 2.5.1 allows remote attackers to execute arbitrary code as root via a long string beginning with "NLPS:002:002:" to the listen (aka System V listener) port, TCP port 2766. |
| The Red Hat Linux su program does not log failed password guesses if the su process is killed before it times out, which allows local attackers to conduct brute force password guessing. |
| CDE screen lock program (screenlock) on Solaris 2.6 does not properly lock an unprivileged user's console session when the host is an NIS+ client, which allows others with physical access to login with any string. |
