| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Buffer overflow in dtmail in Solaris 2.6 and 7 allows local users to gain privileges via the MAIL environment variable. |
| Buffer overflow in BSD-based telnetd telnet daemon on various operating systems allows remote attackers to execute arbitrary commands via a set of options including AYT (Are You There), which is not properly handled by the telrcv function. |
| FreeBSD 4.5 and earlier, and possibly other BSD-based operating systems, allows local users to write to or read from restricted files by closing the file descriptors 0 (standard input), 1 (standard output), or 2 (standard error), which may then be reused by a called setuid process that intended to perform I/O on normal files. |
| Format string vulnerability in RPC wall daemon (rpc.rwalld) for Solaris 2.5.1 through 8 allows remote attackers to execute arbitrary code via format strings in a message that is not properly provided to the syslog function when the wall command cannot be executed. |
| CDE ToolTalk database server (ttdbserver) allows remote attackers to overwrite arbitrary memory locations with a zero, and possibly gain privileges, via a file descriptor argument in an AUTH_UNIX procedure call, which is used as a table index by the _TT_ISCLOSE procedure. |
| CDE ToolTalk database server (ttdbserver) allows local users to overwrite arbitrary files via a symlink attack on the transaction log file used by the _TT_TRANSACTION RPC procedure. |
| Execute commands as root via buffer overflow in Tooltalk database server (rpc.ttdbserverd). |
| DNS cache poisoning via BIND, by predictable query IDs. |
| Buffer overflow of rlogin program using TERM environmental variable. |
| Vacation program allows command execution by remote users through a sendmail command. |
| The AIX FTP client can be forced to execute commands from a malicious server through shell metacharacters (e.g. a pipe character). |
| Buffer overflow in syslog utility allows local or remote attackers to gain root privileges. |
| Sendmail allows local users to write to a file and gain group permissions via a .forward or :include: file. |
| The passwd command in Solaris can be subjected to a denial of service. |
| Solaris rpcbind can be exploited to overwrite arbitrary files and gain root access. |
| Automount daemon automountd allows local or remote users to gain privileges via shell metacharacters. |
| A hidden SNMP community string in HP OpenView allows remote attackers to modify MIB tables and obtain sensitive information. |
| Solaris sysdef command allows local users to read kernel memory, potentially leading to root privileges. |
| Solaris volrmmount program allows attackers to read any file. |
| SunOS/Solaris FTP clients can be forced to execute arbitrary commands from a malicious FTP server. |