| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Kerberos 4 key servers allow a user to masquerade as another by breaking and generating session keys. |
| A race condition in the Solaris ps command allows an attacker to overwrite critical files. |
| NFS cache poisoning. |
| In SunOS, NFS file handles could be guessed, giving unauthorized access to the exported file system. |
| In SunOS or Solaris, a remote user could connect from an FTP server's data port to an rlogin server on a host that trusts the FTP server, allowing remote command execution. |
| The passwd command in Solaris can be subjected to a denial of service. |
| Solaris rpcbind listens on a high numbered UDP port, which may not be filtered since the standard port number is 111. |
| Solaris rpcbind can be exploited to overwrite arbitrary files and gain root access. |
| The SunView (SunTools) selection_svc facility allows remote users to read files. |
| Extra long export lists over 256 characters in some mount daemons allows NFS directories to be mounted by anyone. |
| Solaris rpc.mountd generates error messages that allow a remote attacker to determine what files are on the server. |
| libnsl in Solaris allowed an attacker to perform a denial of service of rpcbind. |
| Denial of service by sending forged ICMP unreachable packets. |
| Malicious option settings in UDP packets could force a reboot in SunOS 4.1.3 systems. |
| Solaris syslogd crashes when receiving a message from a host that doesn't have an inverse DNS entry. |
| 64 bit Solaris 7 procfs allows local users to perform a denial of service. |
| Solaris ff.core allows local users to modify files. |
| rpc.statd allows remote attackers to forward RPC calls to the local operating system via the SM_MON and SM_NOTIFY commands, which in turn could be used to remotely exploit other bugs such as in automountd. |
| A Unix account has a default, null, blank, or missing password. |
| sdtcm_convert in Solaris 2.6 allows a local user to overwrite sensitive files via a symlink attack. |
