| CVE | Vendors | Products | Updated | CVSS v3.1 |
| Buffer overflow in the libauth library in Solaris allows local users to gain additional privileges, possibly root access. |
| Sun/Solaris utmp file allows local users to gain root access if it is writable by users other than root. |
| Buffer overflow in the LDAP naming services library (libsldap) in Sun Solaris 8 allows local users to execute arbitrary code via a long LDAP_OPTIONS environment variable to a privileged program that uses libsldap. |
| Sendmail allows local users to write to a file and gain group permissions via a .forward or :include: file. |
| A later variation on the Teardrop IP denial of service attack, a.k.a. Teardrop-2. |
| Kerberos 4 key servers allow a user to masquerade as another by breaking and generating session keys. |
| Vulnerability in restore in SunOS 4.0.3 and earlier allows local users to gain privileges. |
| The passwd command in Solaris can be subjected to a denial of service. |
| Arbitrary file creation and program execution using FLEXlm LicenseManager, from versions 4.0 to 5.0, in IRIX. |
| The SunView (SunTools) selection_svc facility allows remote users to read files. |
| Some functions that implement the locale subsystem on Unix do not properly cleanse user-injected format strings, which allows local attackers to execute arbitrary commands via functions such as gettext and catopen. |
| Malicious option settings in UDP packets could force a reboot in SunOS 4.1.3 systems. |
| Buffer overflow in xmcd 2.0p12 allows local users to gain access through an environmental variable. |
| The WorkMan program can be used to overwrite any file to get root access. |
| Jolt ICMP attack causes a denial of service in Windows 95 and Windows NT systems. |
| lpd daemon (in.lpd) in Solaris 8 and earlier allows remote attackers to execute arbitrary commands via a job request with a crafted control file that is not properly handled when lpd invokes a mail program. NOTE: this might be the same vulnerability as CVE-2000-1220. |
| Buffer overflow in mail command in Solaris 2.7 and 2.7 allows local users to gain privileges via a long -m argument. |
| Integer overflow in xdr_array function in RPC servers for operating systems that use libc, glibc, or other code based on SunRPC including dietlibc, allows remote attackers to execute arbitrary code by passing a large number of arguments to xdr_array through RPC services such as rpc.cmsd and dmispd. |
| sscd_suncourier.pl CGI script in the Sun Sunsolve CD pack allows remote attackers to execute arbitrary commands via shell metacharacters in the email address parameter. |
| rmmount in SunOS 5.7 may mount file systems without the nosuid flag set, contrary to the documentation and its use in previous versions of SunOS, which could allow local users with physical access to gain root privileges by mounting a floppy or CD-ROM that contains a setuid program and running volcheck, when the file systems do not have the nosuid option specified in rmmount.conf. |