Sun ≫ Sunos

pcnfsd (aka rpc.pcnfsd) allows local users to change file permissions, or execute arbitrary commands through arguments in the RPC call.

Kerberos 4 key servers allow a user to masquerade as another by breaking and generating session keys.

Guessable magic cookies in X Windows allows remote attackers to execute commands, e.g. through xterm.

Buffer overflow in syslog utility allows local or remote attackers to gain root privileges.

A race condition in the Solaris ps command allows an attacker to overwrite critical files.

SunOS sendmail 5.59 through 5.65 uses popen to process a forwarding host argument, which allows local users to gain root privileges by modifying the IFS (Internal Field Separator) variable and passing crafted values to the -oR option.

rmmount in SunOS 5.7 may mount file systems without the nosuid flag set, contrary to the documentation and its use in previous versions of SunOS, which could allow local users with physical access to gain root privileges by mounting a floppy or CD-RO...

passwd in SunOS 4.1.x allows local users to overwrite arbitrary files via a symlink attack and the -F command line argument.

Sun/Solaris utmp file allows local users to gain root access if it is writable by users other than root.

Extra long export lists over 256 characters in some mount daemons allows NFS directories to be mounted by anyone.