Sunos
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Sunos.
By the Year
In 2025 there have been 0 vulnerabilities in Sunos. Sunos did not have any published security vulnerabilities last year.
Year | Vulnerabilities | Average Score |
---|---|---|
2025 | 0 | 0.00 |
2024 | 0 | 0.00 |
2023 | 0 | 0.00 |
2022 | 0 | 0.00 |
2021 | 0 | 0.00 |
2020 | 0 | 0.00 |
2019 | 0 | 0.00 |
2018 | 0 | 0.00 |
It may take a day or so for new Sunos vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Sunos Security Vulnerabilities
Argument injection vulnerability in the telnet daemon (in.telnetd) in Solaris 10 and 11 (SunOS 5.10 and 5.11) misinterprets certain client "-f" sequences as valid requests for the login program to skip authentication, which
CVE-2007-0882
- February 12, 2007
Argument injection vulnerability in the telnet daemon (in.telnetd) in Solaris 10 and 11 (SunOS 5.10 and 5.11) misinterprets certain client "-f" sequences as valid requests for the login program to skip authentication, which allows remote attackers to log into certain accounts, as demonstrated by the bin account.
Argument Injection
Buffer overflow in Sendmail 5.79 to 8.12.7
CVE-2002-1337
- March 07, 2003
Buffer overflow in Sendmail 5.79 to 8.12.7 allows remote attackers to execute arbitrary code via certain formatted address fields, related to sender and recipient header comments as processed by the crackaddr function of headers.c.
Classic Buffer Overflow
Integer overflow in xdr_array function in RPC servers for operating systems
CVE-2002-0391
9.8 - Critical
- August 12, 2002
Integer overflow in xdr_array function in RPC servers for operating systems that use libc, glibc, or other code based on SunRPC including dietlibc, allows remote attackers to execute arbitrary code by passing a large number of arguments to xdr_array through RPC services such as rpc.cmsd and dmispd.
Integer Overflow or Wraparound
lpd daemon (in.lpd) in Solaris 8 and earlier allows remote attackers to execute arbitrary commands via a job request with a crafted control file
CVE-2001-1583
- December 31, 2001
lpd daemon (in.lpd) in Solaris 8 and earlier allows remote attackers to execute arbitrary commands via a job request with a crafted control file that is not properly handled when lpd invokes a mail program. NOTE: this might be the same vulnerability as CVE-2000-1220.
Shell injection
Buffer overflow in BSD-based telnetd telnet daemon on various operating systems
CVE-2001-0554
- August 14, 2001
Buffer overflow in BSD-based telnetd telnet daemon on various operating systems allows remote attackers to execute arbitrary commands via a set of options including AYT (Are You There), which is not properly handled by the telrcv function.
Classic Buffer Overflow
Buffer overflow in Solaris libc, ufsrestore, and rcp
CVE-1999-0767
- September 08, 1999
Buffer overflow in Solaris libc, ufsrestore, and rcp via LC_MESSAGES environmental variable.
Buffer overflow in the libauth library in Solaris
CVE-1999-0339
- August 01, 1998
Buffer overflow in the libauth library in Solaris allows local users to gain additional privileges, possibly root access.
libnsl in Solaris allowed an attacker to perform a denial of service of rpcbind.
CVE-1999-0213
- July 15, 1998
libnsl in Solaris allowed an attacker to perform a denial of service of rpcbind.
Buffer overflow in BNU UUCP daemon (uucpd) through long hostnames.
CVE-1999-0303
- May 21, 1998
Buffer overflow in BNU UUCP daemon (uucpd) through long hostnames.
Solaris ufsrestore buffer overflow.
CVE-1999-0069
- April 29, 1998
Solaris ufsrestore buffer overflow.
The NIS+ rpc.nisd server
CVE-1999-0795
- March 01, 1998
The NIS+ rpc.nisd server allows remote attackers to execute certain RPC calls without authentication to obtain system information, disable logging, or modify caches.
A Unix account has a default
CVE-1999-0502
- March 01, 1998
A Unix account has a default, null, blank, or missing password.
ICMP messages to broadcast addresses are allowed, allowing for a Smurf attack
CVE-1999-0513
- January 05, 1998
ICMP messages to broadcast addresses are allowed, allowing for a Smurf attack that can cause a denial of service.
Denial of service through Solaris 2.5.1 telnet by sending ^D characters.
CVE-1999-0273
- January 01, 1998
Denial of service through Solaris 2.5.1 telnet by sending ^D characters.
FTP servers can allow an attacker to connect to arbitrary ports on machines other than the FTP client
CVE-1999-0017
- December 10, 1997
FTP servers can allow an attacker to connect to arbitrary ports on machines other than the FTP client, aka FTP bounce.
The AIX FTP client can be forced to execute commands from a malicious server through shell metacharacters (e.g
CVE-1999-0097
- October 29, 1997
The AIX FTP client can be forced to execute commands from a malicious server through shell metacharacters (e.g. a pipe character).
DNS cache poisoning
CVE-1999-0024
- August 13, 1997
DNS cache poisoning via BIND, by predictable query IDs.
Command execution in Sun systems
CVE-1999-0033
- June 12, 1997
Command execution in Sun systems via buffer overflow in the at program.
Buffer overflow in Xt library of X Windowing System
CVE-1999-0040
- May 01, 1997
Buffer overflow in Xt library of X Windowing System allows local users to execute commands with root privileges.
Buffer overflow in xlock program
CVE-1999-0038
- April 26, 1997
Buffer overflow in xlock program allows local users to execute commands as root.
Buffer overflow in xmcd 2.0p12
CVE-1999-0318
- March 01, 1997
Buffer overflow in xmcd 2.0p12 allows local users to gain access through an environmental variable.
Buffer overflow of rlogin program using TERM environmental variable.
CVE-1999-0046
- February 06, 1997
Buffer overflow of rlogin program using TERM environmental variable.
Classic Buffer Overflow
Buffer overflow in Solaris getopt in libc
CVE-1999-0966
- January 27, 1997
Buffer overflow in Solaris getopt in libc allows local users to gain root privileges via a long argv[0].
Arbitrary file creation and program execution using FLEXlm LicenseManager
CVE-1999-0051
- January 06, 1997
Arbitrary file creation and program execution using FLEXlm LicenseManager, from versions 4.0 to 5.0, in IRIX.
An SNMP community name is the default (e.g
CVE-1999-0517
- January 01, 1997
An SNMP community name is the default (e.g. public), null, or missing.
Malicious option settings in UDP packets could force a reboot in SunOS 4.1.3 systems.
CVE-1999-0217
- January 01, 1997
Malicious option settings in UDP packets could force a reboot in SunOS 4.1.3 systems.
Jolt ICMP attack causes a denial of service in Windows 95 and Windows NT systems.
CVE-1999-0345
- January 01, 1997
Jolt ICMP attack causes a denial of service in Windows 95 and Windows NT systems.
Oversized ICMP ping packets
CVE-1999-0128
- December 18, 1996
Oversized ICMP ping packets can result in a denial of service, aka Ping o' Death.
Sendmail allows local users to write to a file and gain group permissions
CVE-1999-0129
- December 03, 1996
Sendmail allows local users to write to a file and gain group permissions via a .forward or :include: file.
The WorkMan program
CVE-1999-0277
- October 28, 1996
The WorkMan program can be used to overwrite any file to get root access.
Kodak Color Management System (KCMS) on Solaris
CVE-1999-0136
- July 31, 1996
Kodak Color Management System (KCMS) on Solaris allows a local user to write to arbitrary files and gain root access.
admintool in Solaris
CVE-1999-0135
- July 25, 1996
admintool in Solaris allows a local user to write to arbitrary files and gain root access.
Local user gains root privileges
CVE-1999-0023
- July 24, 1996
Local user gains root privileges via buffer overflow in rdist, via lookup() function.
Local user gains root privileges
CVE-1999-0022
- July 03, 1996
Local user gains root privileges via buffer overflow in rdist, via expstr() function.
pcnfsd (aka rpc.pcnfsd)
CVE-1999-0078
- April 18, 1996
pcnfsd (aka rpc.pcnfsd) allows local users to change file permissions, or execute arbitrary commands through arguments in the RPC call.
Kerberos 4 key servers
CVE-1999-0143
- February 21, 1996
Kerberos 4 key servers allow a user to masquerade as another by breaking and generating session keys.
Guessable magic cookies in X Windows allows remote attackers to execute commands, e.g
CVE-1999-0241
- November 01, 1995
Guessable magic cookies in X Windows allows remote attackers to execute commands, e.g. through xterm.
Buffer overflow in syslog utility
CVE-1999-0099
- October 19, 1995
Buffer overflow in syslog utility allows local or remote attackers to gain root privileges.
Extra long export lists over 256 characters in some mount daemons
CVE-1999-0211
- February 14, 1994
Extra long export lists over 256 characters in some mount daemons allows NFS directories to be mounted by anyone.
In Solaris 2.2 and 2.3, when fsck fails on startup, it
CVE-1999-0334
- December 16, 1993
In Solaris 2.2 and 2.3, when fsck fails on startup, it allows a local user with physical access to obtain root access.
Denial of service by sending forged ICMP unreachable packets.
CVE-1999-0214
- July 21, 1992
Denial of service by sending forged ICMP unreachable packets.
The portmapper may act as a proxy and redirect service requests from an attacker, making the request appear to come from the local host, possibly bypassing authentication
CVE-1999-0168
- June 04, 1992
The portmapper may act as a proxy and redirect service requests from an attacker, making the request appear to come from the local host, possibly bypassing authentication that would otherwise have taken place. For example, NFS file systems could be mounted through the portmapper despite export restrictions.
In SunOS
CVE-1999-0167
- December 06, 1991
In SunOS, NFS file handles could be guessed, giving unauthorized access to the exported file system.