| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Buffer overflow in NIS+, in Sun's rpc.nisd program. |
| Solaris 2.5.1 through 9 allows local users to cause a denial of service (kernel panic) by setting the sd_struiowrq variable in the struioget function to null, which triggers a null dereference. |
| Buffer overflow in statd allows root privileges. |
| Buffer overflow of rlogin program using TERM environmental variable. |
| Sun's ftpd daemon can be subjected to a denial of service. |
| Buffer overflows in Sun libnsl allow root access. |
| Buffer overflow in syslog utility allows local or remote attackers to gain root privileges. |
| Expreserve, as used in vi and ex, allows local users to overwrite arbitrary files and gain root access. |
| In Solaris, an SNMP subagent has a default community string that allows remote attackers to execute arbitrary commands as root, or modify system parameters. |
| The passwd command in Solaris can be subjected to a denial of service. |
| Solaris rpcbind listens on a high numbered UDP port, which may not be filtered since the standard port number is 111. |
| Automount daemon automountd allows local or remote users to gain privileges via shell metacharacters. |
| libnsl in Solaris allowed an attacker to perform a denial of service of rpcbind. |
| nis_cachemgr for Solaris NIS+ allows attackers to add malicious NIS+ servers. |
| Buffer overflow in SunOS/Solaris ps command. |
| SunOS/Solaris FTP clients can be forced to execute arbitrary commands from a malicious FTP server. |
| Buffer overflow in BNU UUCP daemon (uucpd) through long hostnames. |
| Solaris ff.core allows local users to modify files. |
| rpc.statd allows remote attackers to forward RPC calls to the local operating system via the SM_MON and SM_NOTIFY commands, which in turn could be used to remotely exploit other bugs such as in automountd. |
| Buffer overflow in Solaris libc, ufsrestore, and rcp via LC_MESSAGES environmental variable. |
