Sun Solaris
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Sun Solaris.
By the Year
In 2025 there have been 0 vulnerabilities in Sun Solaris. Solaris did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2025 | 0 | 0.00 |
| 2024 | 0 | 0.00 |
| 2023 | 0 | 0.00 |
| 2022 | 0 | 0.00 |
| 2021 | 0 | 0.00 |
| 2020 | 0 | 0.00 |
| 2019 | 0 | 0.00 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Solaris vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Sun Solaris Security Vulnerabilities
Off-by-one error in the fb_realpath() function, as derived from the realpath function in BSD, may allow attackers to execute arbitrary code, as demonstrated in wu-ftpd 2.5.0 through 2.6.2 via commands
CVE-2003-0466
9.8 - Critical
- August 27, 2003
Off-by-one error in the fb_realpath() function, as derived from the realpath function in BSD, may allow attackers to execute arbitrary code, as demonstrated in wu-ftpd 2.5.0 through 2.6.2 via commands that cause pathnames of length MAXPATHLEN+1 to trigger a buffer overflow, including (1) STOR, (2) RETR, (3) APPE, (4) DELE, (5) MKD, (6) RMD, (7) STOU, or (8) RNTO.
off-by-five
Integer overflow in xdr_array function in RPC servers for operating systems
CVE-2002-0391
9.8 - Critical
- August 12, 2002
Integer overflow in xdr_array function in RPC servers for operating systems that use libc, glibc, or other code based on SunRPC including dietlibc, allows remote attackers to execute arbitrary code by passing a large number of arguments to xdr_array through RPC services such as rpc.cmsd and dmispd.
Integer Overflow or Wraparound
Buffer overflow in BSD-based telnetd telnet daemon on various operating systems
CVE-2001-0554
- August 14, 2001
Buffer overflow in BSD-based telnetd telnet daemon on various operating systems allows remote attackers to execute arbitrary commands via a set of options including AYT (Are You There), which is not properly handled by the telrcv function.
Classic Buffer Overflow
Buffer overflow in nlps_server in Sun Solaris x86 2.4, 2.5, and 2.5.1
CVE-1999-1588
- December 31, 1999
Buffer overflow in nlps_server in Sun Solaris x86 2.4, 2.5, and 2.5.1 allows remote attackers to execute arbitrary code as root via a long string beginning with "NLPS:002:002:" to the listen (aka System V listener) port, TCP port 2766.
The Sun Web-Based Enterprise Management (WBEM) installation script stores a password in plaintext in a world readable file.
CVE-1999-0982
- December 05, 1999
The Sun Web-Based Enterprise Management (WBEM) installation script stores a password in plaintext in a world readable file.
Buffer overflow in Solaris libc, ufsrestore, and rcp
CVE-1999-0767
- September 08, 1999
Buffer overflow in Solaris libc, ufsrestore, and rcp via LC_MESSAGES environmental variable.
rpc.admind in Solaris is not running in a secure mode.
CVE-1999-0568
- January 01, 1999
rpc.admind in Solaris is not running in a secure mode.
Buffer overflow in Solaris kcms_configure command
CVE-1999-0321
- December 01, 1998
Buffer overflow in Solaris kcms_configure command allows local users to gain root access.
A hidden SNMP community string in HP OpenView
CVE-1999-0254
- November 02, 1998
A hidden SNMP community string in HP OpenView allows remote attackers to modify MIB tables and obtain sensitive information.
In Solaris, an SNMP subagent has a default community string
CVE-1999-0186
- October 01, 1998
In Solaris, an SNMP subagent has a default community string that allows remote attackers to execute arbitrary commands as root, or modify system parameters.
Buffer overflow in the libauth library in Solaris
CVE-1999-0339
- August 01, 1998
Buffer overflow in the libauth library in Solaris allows local users to gain additional privileges, possibly root access.
libnsl in Solaris allowed an attacker to perform a denial of service of rpcbind.
CVE-1999-0213
- July 15, 1998
libnsl in Solaris allowed an attacker to perform a denial of service of rpcbind.
Buffer overflow in BNU UUCP daemon (uucpd) through long hostnames.
CVE-1999-0303
- May 21, 1998
Buffer overflow in BNU UUCP daemon (uucpd) through long hostnames.
The NIS+ rpc.nisd server
CVE-1999-0795
- March 01, 1998
The NIS+ rpc.nisd server allows remote attackers to execute certain RPC calls without authentication to obtain system information, disable logging, or modify caches.
A Unix account has a default
CVE-1999-0502
- March 01, 1998
A Unix account has a default, null, blank, or missing password.
ICMP messages to broadcast addresses are allowed, allowing for a Smurf attack
CVE-1999-0513
- January 05, 1998
ICMP messages to broadcast addresses are allowed, allowing for a Smurf attack that can cause a denial of service.
The AIX FTP client can be forced to execute commands from a malicious server through shell metacharacters (e.g
CVE-1999-0097
- October 29, 1997
The AIX FTP client can be forced to execute commands from a malicious server through shell metacharacters (e.g. a pipe character).
DNS cache poisoning
CVE-1999-0024
- August 13, 1997
DNS cache poisoning via BIND, by predictable query IDs.
Buffer overflow in Xt library of X Windowing System
CVE-1999-0040
- May 01, 1997
Buffer overflow in Xt library of X Windowing System allows local users to execute commands with root privileges.
Buffer overflow in xlock program
CVE-1999-0038
- April 26, 1997
Buffer overflow in xlock program allows local users to execute commands as root.
NFS cache poisoning.
CVE-1999-0165
- March 01, 1997
NFS cache poisoning.
Buffer overflow in xmcd 2.0p12
CVE-1999-0318
- March 01, 1997
Buffer overflow in xmcd 2.0p12 allows local users to gain access through an environmental variable.
Buffer overflow of rlogin program using TERM environmental variable.
CVE-1999-0046
- February 06, 1997
Buffer overflow of rlogin program using TERM environmental variable.
Classic Buffer Overflow
Arbitrary file creation and program execution using FLEXlm LicenseManager
CVE-1999-0051
- January 06, 1997
Arbitrary file creation and program execution using FLEXlm LicenseManager, from versions 4.0 to 5.0, in IRIX.
Sendmail allows local users to write to a file and gain group permissions
CVE-1999-0129
- December 03, 1996
Sendmail allows local users to write to a file and gain group permissions via a .forward or :include: file.
admintool in Solaris
CVE-1999-0135
- July 25, 1996
admintool in Solaris allows a local user to write to arbitrary files and gain root access.
Local user gains root privileges
CVE-1999-0022
- July 03, 1996
Local user gains root privileges via buffer overflow in rdist, via expstr() function.
Guessable magic cookies in X Windows allows remote attackers to execute commands, e.g
CVE-1999-0241
- November 01, 1995
Guessable magic cookies in X Windows allows remote attackers to execute commands, e.g. through xterm.
Buffer overflow in syslog utility
CVE-1999-0099
- October 19, 1995
Buffer overflow in syslog utility allows local or remote attackers to gain root privileges.
In Solaris 2.2 and 2.3, when fsck fails on startup, it
CVE-1999-0334
- December 16, 1993
In Solaris 2.2 and 2.3, when fsck fails on startup, it allows a local user with physical access to obtain root access.
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Sunos or by Sun? Click the Watch button to subscribe.
