Solaris Sun Solaris

Do you want an email whenever new security vulnerabilities are reported in Sun Solaris?

By the Year

In 2024 there have been 0 vulnerabilities in Sun Solaris . Solaris did not have any published security vulnerabilities last year.

Year Vulnerabilities Average Score
2024 0 0.00
2023 0 0.00
2022 0 0.00
2021 0 0.00
2020 0 0.00
2019 0 0.00
2018 0 0.00

It may take a day or so for new Solaris vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Sun Solaris Security Vulnerabilities

Off-by-one error in the fb_realpath() function, as derived from the realpath function in BSD, may allow attackers to execute arbitrary code, as demonstrated in wu-ftpd 2.5.0 through 2.6.2 via commands

CVE-2003-0466 9.8 - Critical - August 27, 2003

Off-by-one error in the fb_realpath() function, as derived from the realpath function in BSD, may allow attackers to execute arbitrary code, as demonstrated in wu-ftpd 2.5.0 through 2.6.2 via commands that cause pathnames of length MAXPATHLEN+1 to trigger a buffer overflow, including (1) STOR, (2) RETR, (3) APPE, (4) DELE, (5) MKD, (6) RMD, (7) STOU, or (8) RNTO.

off-by-five

Integer overflow in xdr_array function in RPC servers for operating systems

CVE-2002-0391 9.8 - Critical - August 12, 2002

Integer overflow in xdr_array function in RPC servers for operating systems that use libc, glibc, or other code based on SunRPC including dietlibc, allows remote attackers to execute arbitrary code by passing a large number of arguments to xdr_array through RPC services such as rpc.cmsd and dmispd.

Integer Overflow or Wraparound

Buffer overflow in BSD-based telnetd telnet daemon on various operating systems

CVE-2001-0554 - August 14, 2001

Buffer overflow in BSD-based telnetd telnet daemon on various operating systems allows remote attackers to execute arbitrary commands via a set of options including AYT (Are You There), which is not properly handled by the telrcv function.

Classic Buffer Overflow

Buffer overflow in nlps_server in Sun Solaris x86 2.4, 2.5, and 2.5.1

CVE-1999-1588 - December 31, 1999

Buffer overflow in nlps_server in Sun Solaris x86 2.4, 2.5, and 2.5.1 allows remote attackers to execute arbitrary code as root via a long string beginning with "NLPS:002:002:" to the listen (aka System V listener) port, TCP port 2766.

The Sun Web-Based Enterprise Management (WBEM) installation script stores a password in plaintext in a world readable file.

CVE-1999-0982 - December 05, 1999

The Sun Web-Based Enterprise Management (WBEM) installation script stores a password in plaintext in a world readable file.

Buffer overflow in Solaris libc, ufsrestore, and rcp

CVE-1999-0767 - September 08, 1999

Buffer overflow in Solaris libc, ufsrestore, and rcp via LC_MESSAGES environmental variable.

rpc.admind in Solaris is not running in a secure mode.

CVE-1999-0568 - January 01, 1999

rpc.admind in Solaris is not running in a secure mode.

Buffer overflow in Solaris kcms_configure command

CVE-1999-0321 - December 01, 1998

Buffer overflow in Solaris kcms_configure command allows local users to gain root access.

A hidden SNMP community string in HP OpenView

CVE-1999-0254 - November 02, 1998

A hidden SNMP community string in HP OpenView allows remote attackers to modify MIB tables and obtain sensitive information.

Buffer overflow in the libauth library in Solaris

CVE-1999-0339 - August 01, 1998

Buffer overflow in the libauth library in Solaris allows local users to gain additional privileges, possibly root access.

libnsl in Solaris allowed an attacker to perform a denial of service of rpcbind.

CVE-1999-0213 - July 15, 1998

libnsl in Solaris allowed an attacker to perform a denial of service of rpcbind.

Buffer overflow in BNU UUCP daemon (uucpd) through long hostnames.

CVE-1999-0303 - May 21, 1998

Buffer overflow in BNU UUCP daemon (uucpd) through long hostnames.

A Unix account has a default

CVE-1999-0502 - March 01, 1998

A Unix account has a default, null, blank, or missing password.

The NIS+ rpc.nisd server

CVE-1999-0795 - March 01, 1998

The NIS+ rpc.nisd server allows remote attackers to execute certain RPC calls without authentication to obtain system information, disable logging, or modify caches.

ICMP messages to broadcast addresses are allowed, allowing for a Smurf attack

CVE-1999-0513 - January 05, 1998

ICMP messages to broadcast addresses are allowed, allowing for a Smurf attack that can cause a denial of service.

The AIX FTP client can be forced to execute commands from a malicious server through shell metacharacters (e.g

CVE-1999-0097 - October 29, 1997

The AIX FTP client can be forced to execute commands from a malicious server through shell metacharacters (e.g. a pipe character).

DNS cache poisoning

CVE-1999-0024 - August 13, 1997

DNS cache poisoning via BIND, by predictable query IDs.

Buffer overflow in Xt library of X Windowing System

CVE-1999-0040 - May 01, 1997

Buffer overflow in Xt library of X Windowing System allows local users to execute commands with root privileges.

Buffer overflow in xlock program

CVE-1999-0038 - April 26, 1997

Buffer overflow in xlock program allows local users to execute commands as root.

Buffer overflow in xmcd 2.0p12

CVE-1999-0318 - March 01, 1997

Buffer overflow in xmcd 2.0p12 allows local users to gain access through an environmental variable.

NFS cache poisoning.

CVE-1999-0165 - March 01, 1997

NFS cache poisoning.

Buffer overflow of rlogin program using TERM environmental variable.

CVE-1999-0046 - February 06, 1997

Buffer overflow of rlogin program using TERM environmental variable.

Classic Buffer Overflow

Arbitrary file creation and program execution using FLEXlm LicenseManager

CVE-1999-0051 - January 06, 1997

Arbitrary file creation and program execution using FLEXlm LicenseManager, from versions 4.0 to 5.0, in IRIX.

Sendmail allows local users to write to a file and gain group permissions

CVE-1999-0129 - December 03, 1996

Sendmail allows local users to write to a file and gain group permissions via a .forward or :include: file.

admintool in Solaris

CVE-1999-0135 - July 25, 1996

admintool in Solaris allows a local user to write to arbitrary files and gain root access.

Local user gains root privileges

CVE-1999-0022 - July 03, 1996

Local user gains root privileges via buffer overflow in rdist, via expstr() function.

Guessable magic cookies in X Windows allows remote attackers to execute commands, e.g

CVE-1999-0241 - November 01, 1995

Guessable magic cookies in X Windows allows remote attackers to execute commands, e.g. through xterm.

Buffer overflow in syslog utility

CVE-1999-0099 - October 19, 1995

Buffer overflow in syslog utility allows local or remote attackers to gain root privileges.

In Solaris 2.2 and 2.3, when fsck fails on startup, it

CVE-1999-0334 - December 16, 1993

In Solaris 2.2 and 2.3, when fsck fails on startup, it allows a local user with physical access to obtain root access.

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Sunos or by Sun? Click the Watch button to subscribe.

Sun
Vendor

Sun Solaris
Product

subscribe