Sun ≫ Sunos

useradd in Solaris 7.0 does not properly interpret certain date formats as specified in the "-e" (expiration date) argument, which could allow users to login after their accounts have expired.

The Red Hat Linux su program does not log failed password guesses if the su process is killed before it times out, which allows local attackers to conduct brute force password guessing.

rpc.statd allows remote attackers to forward RPC calls to the local operating system via the SM_MON and SM_NOTIFY commands, which in turn could be used to remotely exploit other bugs such as in automountd.

Buffer overflow in Solaris lpset program allows local users to gain root access.

Buffer overflow in Solaris dtprintinfo program.

64 bit Solaris 7 procfs allows local users to perform a denial of service.

Buffer overflow in /usr/bin/write in Solaris 2.6 and 7 allows local users to gain privileges via a long string in the terminal name argument.

The cancel command in Solaris 2.6 (i386) has a buffer overflow that allows local users to obtain root access.

Solaris syslogd crashes when receiving a message from a host that doesn't have an inverse DNS entry.

In Sun Solaris and SunOS, man and catman contain vulnerabilities that allow overwriting arbitrary files.