Sunos Sunos

Do you want an email whenever new security vulnerabilities are reported in Sunos?

By the Year

In 2024 there have been 0 vulnerabilities in Sunos . Sunos did not have any published security vulnerabilities last year.

Year Vulnerabilities Average Score
2024 0 0.00
2023 0 0.00
2022 0 0.00
2021 0 0.00
2020 0 0.00
2019 0 0.00
2018 0 0.00

It may take a day or so for new Sunos vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Sunos Security Vulnerabilities

Argument injection vulnerability in the telnet daemon (in.telnetd) in Solaris 10 and 11 (SunOS 5.10 and 5.11) misinterprets certain client "-f" sequences as valid requests for the login program to skip authentication, which

CVE-2007-0882 - February 12, 2007

Argument injection vulnerability in the telnet daemon (in.telnetd) in Solaris 10 and 11 (SunOS 5.10 and 5.11) misinterprets certain client "-f" sequences as valid requests for the login program to skip authentication, which allows remote attackers to log into certain accounts, as demonstrated by the bin account.

Argument Injection

Buffer overflow in Sendmail 5.79 to 8.12.7

CVE-2002-1337 - March 07, 2003

Buffer overflow in Sendmail 5.79 to 8.12.7 allows remote attackers to execute arbitrary code via certain formatted address fields, related to sender and recipient header comments as processed by the crackaddr function of headers.c.

Classic Buffer Overflow

Integer overflow in xdr_array function in RPC servers for operating systems

CVE-2002-0391 9.8 - Critical - August 12, 2002

Integer overflow in xdr_array function in RPC servers for operating systems that use libc, glibc, or other code based on SunRPC including dietlibc, allows remote attackers to execute arbitrary code by passing a large number of arguments to xdr_array through RPC services such as rpc.cmsd and dmispd.

Integer Overflow or Wraparound

lpd daemon (in.lpd) in Solaris 8 and earlier allows remote attackers to execute arbitrary commands via a job request with a crafted control file

CVE-2001-1583 - December 31, 2001

lpd daemon (in.lpd) in Solaris 8 and earlier allows remote attackers to execute arbitrary commands via a job request with a crafted control file that is not properly handled when lpd invokes a mail program. NOTE: this might be the same vulnerability as CVE-2000-1220.

Shell injection

Buffer overflow in BSD-based telnetd telnet daemon on various operating systems

CVE-2001-0554 - August 14, 2001

Buffer overflow in BSD-based telnetd telnet daemon on various operating systems allows remote attackers to execute arbitrary commands via a set of options including AYT (Are You There), which is not properly handled by the telrcv function.

Classic Buffer Overflow

Buffer overflow in Solaris libc, ufsrestore, and rcp

CVE-1999-0767 - September 08, 1999

Buffer overflow in Solaris libc, ufsrestore, and rcp via LC_MESSAGES environmental variable.

Buffer overflow in the libauth library in Solaris

CVE-1999-0339 - August 01, 1998

Buffer overflow in the libauth library in Solaris allows local users to gain additional privileges, possibly root access.

libnsl in Solaris allowed an attacker to perform a denial of service of rpcbind.

CVE-1999-0213 - July 15, 1998

libnsl in Solaris allowed an attacker to perform a denial of service of rpcbind.

Buffer overflow in BNU UUCP daemon (uucpd) through long hostnames.

CVE-1999-0303 - May 21, 1998

Buffer overflow in BNU UUCP daemon (uucpd) through long hostnames.

The NIS+ rpc.nisd server

CVE-1999-0795 - March 01, 1998

The NIS+ rpc.nisd server allows remote attackers to execute certain RPC calls without authentication to obtain system information, disable logging, or modify caches.

A Unix account has a default

CVE-1999-0502 - March 01, 1998

A Unix account has a default, null, blank, or missing password.

ICMP messages to broadcast addresses are allowed, allowing for a Smurf attack

CVE-1999-0513 - January 05, 1998

ICMP messages to broadcast addresses are allowed, allowing for a Smurf attack that can cause a denial of service.

Denial of service through Solaris 2.5.1 telnet by sending ^D characters.

CVE-1999-0273 - January 01, 1998

Denial of service through Solaris 2.5.1 telnet by sending ^D characters.

FTP servers can allow an attacker to connect to arbitrary ports on machines other than the FTP client

CVE-1999-0017 - December 10, 1997

FTP servers can allow an attacker to connect to arbitrary ports on machines other than the FTP client, aka FTP bounce.

The AIX FTP client can be forced to execute commands from a malicious server through shell metacharacters (e.g

CVE-1999-0097 - October 29, 1997

The AIX FTP client can be forced to execute commands from a malicious server through shell metacharacters (e.g. a pipe character).

DNS cache poisoning

CVE-1999-0024 - August 13, 1997

DNS cache poisoning via BIND, by predictable query IDs.

Command execution in Sun systems

CVE-1999-0033 - June 12, 1997

Command execution in Sun systems via buffer overflow in the at program.

Buffer overflow in Xt library of X Windowing System

CVE-1999-0040 - May 01, 1997

Buffer overflow in Xt library of X Windowing System allows local users to execute commands with root privileges.

Buffer overflow in xlock program

CVE-1999-0038 - April 26, 1997

Buffer overflow in xlock program allows local users to execute commands as root.

NFS cache poisoning.

CVE-1999-0165 - March 01, 1997

NFS cache poisoning.

Buffer overflow in xmcd 2.0p12

CVE-1999-0318 - March 01, 1997

Buffer overflow in xmcd 2.0p12 allows local users to gain access through an environmental variable.

Buffer overflow of rlogin program using TERM environmental variable.

CVE-1999-0046 - February 06, 1997

Buffer overflow of rlogin program using TERM environmental variable.

Classic Buffer Overflow

Buffer overflow in Solaris getopt in libc

CVE-1999-0966 - January 27, 1997

Buffer overflow in Solaris getopt in libc allows local users to gain root privileges via a long argv[0].

Arbitrary file creation and program execution using FLEXlm LicenseManager

CVE-1999-0051 - January 06, 1997

Arbitrary file creation and program execution using FLEXlm LicenseManager, from versions 4.0 to 5.0, in IRIX.

Jolt ICMP attack causes a denial of service in Windows 95 and Windows NT systems.

CVE-1999-0345 - January 01, 1997

Jolt ICMP attack causes a denial of service in Windows 95 and Windows NT systems.

Malicious option settings in UDP packets could force a reboot in SunOS 4.1.3 systems.

CVE-1999-0217 - January 01, 1997

Malicious option settings in UDP packets could force a reboot in SunOS 4.1.3 systems.

An SNMP community name is the default (e.g

CVE-1999-0517 - January 01, 1997

An SNMP community name is the default (e.g. public), null, or missing.

Oversized ICMP ping packets

CVE-1999-0128 - December 18, 1996

Oversized ICMP ping packets can result in a denial of service, aka Ping o' Death.

Sendmail allows local users to write to a file and gain group permissions

CVE-1999-0129 - December 03, 1996

Sendmail allows local users to write to a file and gain group permissions via a .forward or :include: file.

The WorkMan program

CVE-1999-0277 - October 28, 1996

The WorkMan program can be used to overwrite any file to get root access.

Kodak Color Management System (KCMS) on Solaris

CVE-1999-0136 - July 31, 1996

Kodak Color Management System (KCMS) on Solaris allows a local user to write to arbitrary files and gain root access.

admintool in Solaris

CVE-1999-0135 - July 25, 1996

admintool in Solaris allows a local user to write to arbitrary files and gain root access.

Local user gains root privileges

CVE-1999-0023 - July 24, 1996

Local user gains root privileges via buffer overflow in rdist, via lookup() function.

pcnfsd (aka rpc.pcnfsd)

CVE-1999-0078 - April 18, 1996

pcnfsd (aka rpc.pcnfsd) allows local users to change file permissions, or execute arbitrary commands through arguments in the RPC call.

Kerberos 4 key servers

CVE-1999-0143 - February 21, 1996

Kerberos 4 key servers allow a user to masquerade as another by breaking and generating session keys.

Guessable magic cookies in X Windows allows remote attackers to execute commands, e.g

CVE-1999-0241 - November 01, 1995

Guessable magic cookies in X Windows allows remote attackers to execute commands, e.g. through xterm.

Buffer overflow in syslog utility

CVE-1999-0099 - October 19, 1995

Buffer overflow in syslog utility allows local or remote attackers to gain root privileges.

Extra long export lists over 256 characters in some mount daemons

CVE-1999-0211 - February 14, 1994

Extra long export lists over 256 characters in some mount daemons allows NFS directories to be mounted by anyone.

In Solaris 2.2 and 2.3, when fsck fails on startup, it

CVE-1999-0334 - December 16, 1993

In Solaris 2.2 and 2.3, when fsck fails on startup, it allows a local user with physical access to obtain root access.

Denial of service by sending forged ICMP unreachable packets.

CVE-1999-0214 - July 21, 1992

Denial of service by sending forged ICMP unreachable packets.

The portmapper may act as a proxy and redirect service requests from an attacker, making the request appear to come from the local host, possibly bypassing authentication

CVE-1999-0168 - June 04, 1992

The portmapper may act as a proxy and redirect service requests from an attacker, making the request appear to come from the local host, possibly bypassing authentication that would otherwise have taken place. For example, NFS file systems could be mounted through the portmapper despite export restrictions.

In SunOS

CVE-1999-0167 - December 06, 1991

In SunOS, NFS file handles could be guessed, giving unauthorized access to the exported file system.

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Sunos or by Sun? Click the Watch button to subscribe.

Sun
Vendor

Sunos
Product

subscribe