Sun Solaris

Off-by-one error in the fb_realpath() function, as derived from the realpath function in BSD, may allow attackers to execute arbitrary code, as demonstrated in wu-ftpd 2.5.0 through 2.6.2 via commands

CVE-2003-0466 9.8 - Critical - August 27, 2003

Off-by-one error in the fb_realpath() function, as derived from the realpath function in BSD, may allow attackers to execute arbitrary code, as demonstrated in wu-ftpd 2.5.0 through 2.6.2 via commands that cause pathnames of length MAXPATHLEN+1 to trigger a buffer overflow, including (1) STOR, (2) RETR, (3) APPE, (4) DELE, (5) MKD, (6) RMD, (7) STOU, or (8) RNTO.

off-by-five

Integer overflow in xdr_array function in RPC servers for operating systems

CVE-2002-0391 9.8 - Critical - August 12, 2002

Integer overflow in xdr_array function in RPC servers for operating systems that use libc, glibc, or other code based on SunRPC including dietlibc, allows remote attackers to execute arbitrary code by passing a large number of arguments to xdr_array through RPC services such as rpc.cmsd and dmispd.

Integer Overflow or Wraparound

Buffer overflow in BSD-based telnetd telnet daemon on various operating systems

CVE-2001-0554 - August 14, 2001

Buffer overflow in BSD-based telnetd telnet daemon on various operating systems allows remote attackers to execute arbitrary commands via a set of options including AYT (Are You There), which is not properly handled by the telrcv function.

Classic Buffer Overflow

The Sun Web-Based Enterprise Management (WBEM) installation script stores a password in plaintext in a world readable file.

CVE-1999-0982 - December 05, 1999

The Sun Web-Based Enterprise Management (WBEM) installation script stores a password in plaintext in a world readable file.

Buffer overflow in Solaris libc, ufsrestore, and rcp

CVE-1999-0767 - September 08, 1999

Buffer overflow in Solaris libc, ufsrestore, and rcp via LC_MESSAGES environmental variable.

rpc.admind in Solaris is not running in a secure mode.

CVE-1999-0568 - January 01, 1999

rpc.admind in Solaris is not running in a secure mode.

Buffer overflow in Solaris kcms_configure command

CVE-1999-0321 - December 01, 1998

Buffer overflow in Solaris kcms_configure command allows local users to gain root access.

A hidden SNMP community string in HP OpenView

CVE-1999-0254 - November 02, 1998

A hidden SNMP community string in HP OpenView allows remote attackers to modify MIB tables and obtain sensitive information.

Buffer overflow in the libauth library in Solaris

CVE-1999-0339 - August 01, 1998

Buffer overflow in the libauth library in Solaris allows local users to gain additional privileges, possibly root access.

libnsl in Solaris allowed an attacker to perform a denial of service of rpcbind.

CVE-1999-0213 - July 15, 1998

libnsl in Solaris allowed an attacker to perform a denial of service of rpcbind.

Buffer overflow in BNU UUCP daemon (uucpd) through long hostnames.

CVE-1999-0303 - May 21, 1998

Buffer overflow in BNU UUCP daemon (uucpd) through long hostnames.

A Unix account has a default

CVE-1999-0502 - March 01, 1998

A Unix account has a default, null, blank, or missing password.

The NIS+ rpc.nisd server

CVE-1999-0795 - March 01, 1998

The NIS+ rpc.nisd server allows remote attackers to execute certain RPC calls without authentication to obtain system information, disable logging, or modify caches.

ICMP messages to broadcast addresses are allowed, allowing for a Smurf attack

CVE-1999-0513 - January 05, 1998

ICMP messages to broadcast addresses are allowed, allowing for a Smurf attack that can cause a denial of service.

The AIX FTP client can be forced to execute commands from a malicious server through shell metacharacters (e.g

CVE-1999-0097 - October 29, 1997

The AIX FTP client can be forced to execute commands from a malicious server through shell metacharacters (e.g. a pipe character).

DNS cache poisoning

CVE-1999-0024 - August 13, 1997

DNS cache poisoning via BIND, by predictable query IDs.

Buffer overflow in Xt library of X Windowing System

CVE-1999-0040 - May 01, 1997

Buffer overflow in Xt library of X Windowing System allows local users to execute commands with root privileges.

Buffer overflow in xlock program

CVE-1999-0038 - April 26, 1997

Buffer overflow in xlock program allows local users to execute commands as root.

NFS cache poisoning.

CVE-1999-0165 - March 01, 1997

NFS cache poisoning.

Buffer overflow in xmcd 2.0p12

CVE-1999-0318 - March 01, 1997

Buffer overflow in xmcd 2.0p12 allows local users to gain access through an environmental variable.

Buffer overflow of rlogin program using TERM environmental variable.

CVE-1999-0046 - February 06, 1997

Buffer overflow of rlogin program using TERM environmental variable.

Classic Buffer Overflow

Arbitrary file creation and program execution using FLEXlm LicenseManager

CVE-1999-0051 - January 06, 1997

Arbitrary file creation and program execution using FLEXlm LicenseManager, from versions 4.0 to 5.0, in IRIX.

Sendmail allows local users to write to a file and gain group permissions

CVE-1999-0129 - December 03, 1996

Sendmail allows local users to write to a file and gain group permissions via a .forward or :include: file.

admintool in Solaris

CVE-1999-0135 - July 25, 1996

admintool in Solaris allows a local user to write to arbitrary files and gain root access.

Guessable magic cookies in X Windows allows remote attackers to execute commands, e.g

CVE-1999-0241 - November 01, 1995

Guessable magic cookies in X Windows allows remote attackers to execute commands, e.g. through xterm.

Buffer overflow in syslog utility

CVE-1999-0099 - October 19, 1995

Buffer overflow in syslog utility allows local or remote attackers to gain root privileges.

In Solaris 2.2 and 2.3, when fsck fails on startup, it

CVE-1999-0334 - December 16, 1993

In Solaris 2.2 and 2.3, when fsck fails on startup, it allows a local user with physical access to obtain root access.