Sun ≫ Solaris

traceroute in Sun Solaris 10 on x86 systems allows local users to execute arbitrary code with PRIV_NET_RAWACCESS privileges via (1) a large number of -g arguments or (2) a malformed -s argument with a trailing . (dot).

The runtime linker (ld.so) in Solaris 8, 9, and 10 trusts the LD_AUDIT environment variable in setuid or setgid programs, which allows local users to gain privileges by (1) modifying LD_AUDIT to reference malicious code and possibly (2) using a long ...

Unknown vulnerability in lpadmin on Sun Solaris 7, 8, and 9 allows local users to overwrite arbitrary files.

Unknown vulnerability in the Sun Solaris C library (libc and libproject) in Solaris 10 allows local users to gain privileges.

Unknown vulnerability in NIS+ on Solaris 7, 8, and 9 allows remote attackers to cause a denial of service (rpc.nisd disabled and NIS+ unavailable) via unknown vectors.

Unknown vulnerability in Solaris 7 through 9, when using Federated Naming Services (FNS), autofs, and FNS X.500 configuration, allows local users to cause a denial of service (automountd crash) when "accessing" /xfn/_x500.

The Solaris Management Console (SMC) GUI for Solaris 8 and 9, when creating user accounts that are configured for password aging, creates the accounts with a blank password, which allows remote or local attackers to break into those accounts.

Unknown vulnerability in Solaris 8 and 9 allows remote attackers to cause a denial of service (panic) via "Heavy UDP Usage" that triggers a NULL dereference.

Unknown vulnerability in Standard Type Services Framework (STSF) Font Server Daemon (stfontserverd) in Solaris 9 allows local users to modify or delete arbitrary files.

Buffer overflow in newgrp in Solaris 7 through 9 allows local users to gain root privileges.