CVE-2008-4609
https://notcve.org/view.php?id=CVE-2008-4609
The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress. La implementación del protocolo TCP en (1) Linux, (2) plataformas basadas en BSD Unix, (3) Microsoft Windows, (4) productos Cisco, y probablemente otros sistemas operativos, permite a atacantes remotos provocar una denegación de servicio (agotamiento de cola de conexión) a través de múltiples vectores que manipulan información en la tabla de estados del TCP, como lo demuestra sockstress. • http://blog.robertlee.name/2008/10/conjecture-speculation.html http://insecure.org/stf/tcp-dos-attack-explained.html http://lists.immunitysec.com/pipermail/dailydave/2008-October/005360.html http://marc.info/?l=bugtraq&m=125856010926699&w=2 http://searchsecurity.techtarget.com.au/articles/27154-TCP-is-fundamentally-borked http://www.cisco.com/en/US/products/products_security_advisory09186a0080af511d.shtml http://www.cisco.com/en/US/products/products_security_response09186a0080a15120.html http://www.cpni • CWE-16: Configuration •
CVE-2008-4556 – Solaris 9 (UltraSPARC) - 'sadmind' Remote Code Execution
https://notcve.org/view.php?id=CVE-2008-4556
Stack-based buffer overflow in the adm_build_path function in sadmind in Sun Solstice AdminSuite on Solaris 8 and 9 allows remote attackers to execute arbitrary code via a crafted request. Desbordamiento de búfer basado en la pila, en la función adm_build_path de sadmind en Solstice AdminSuite de Sun, en Solaris 8 y 9, permite a un atacante remoto ejecutar código de su elección por medio de una petición manipulada. • https://www.exploit-db.com/exploits/6786 https://www.exploit-db.com/exploits/9920 https://www.exploit-db.com/exploits/16325 http://osvdb.org/50019 http://risesecurity.org/advisories/RISE-2008001.txt http://secunia.com/advisories/32283 http://secunia.com/advisories/32812 http://securityreason.com/securityalert/4408 http://sunsolve.sun.com/search/document.do?assetkey=1-26-245806-1 http://support.avaya.com/elmodocs2/security/ASA-2008-448.htm http://www.securityfocus.com/archi • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2008-4160
https://notcve.org/view.php?id=CVE-2008-4160
Unspecified vulnerability in the UFS module in Sun Solaris 8 through 10 and OpenSolaris allows local users to cause a denial of service (NULL pointer dereference and kernel panic) via unknown vectors related to the Solaris Access Control List (ACL) implementation. Vulnerabilidad sin especificar en el módulo UFS en Sun Solaris v8 a la v10 y OpenSolaris, permite a usuarios locales provocar una denegación de servicio (puntero a referencia NULL y kernel panic) a través de vectores desconocidos relacionados con la implementación de la Lista de control de Acceso (ACL - Solaris Access Control List). • http://secunia.com/advisories/31919 http://secunia.com/advisories/32125 http://sunsolve.sun.com/search/document.do?assetkey=1-26-242267-1 http://support.avaya.com/elmodocs2/security/ASA-2008-383.htm http://www.securityfocus.com/bid/31250 http://www.securitytracker.com/id?1020899 http://www.vupen.com/english/advisories/2008/2626 https://exchange.xforce.ibmcloud.com/vulnerabilities/45236 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5639 • CWE-399: Resource Management Errors •
CVE-2008-4131 – Sun Solaris 9/10 Text Editors - Command Execution
https://notcve.org/view.php?id=CVE-2008-4131
Multiple unspecified vulnerabilities in Sun Solaris 8 through 10 allow local users to gain privileges via vectors related to handling of tags with (1) the -t option and (2) the :tag command in the (a) vi, (b) ex, (c) vedit, (d) view, and (e) edit programs. Múltiples vulnerabilidades inespecíficas en Sun Solaris 8 a 10 permite a atacantes remotos aumentar privilegios a través de vectores relacionados con el manejo de etiquetas con la opcion (1) -t y (2) el comando :tag en los programas (a) vi, (b) ex, (c) vedit, (d) view, y (e) edit. • https://www.exploit-db.com/exploits/32393 http://secunia.com/advisories/31895 http://secunia.com/advisories/31907 http://securitytracker.com/id?1020898 http://sunsolve.sun.com/search/document.do?assetkey=1-26-237987-1 http://support.avaya.com/elmodocs2/security/ASA-2008-387.htm http://www.securityfocus.com/bid/31229 http://www.vupen.com/english/advisories/2008/2614 https://exchange.xforce.ibmcloud.com/vulnerabilities/45218 https://oval.cisecurity.org/repository/search/definition/oval • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2008-3875
https://notcve.org/view.php?id=CVE-2008-3875
The kernel in Sun Solaris 8 through 10 and OpenSolaris before snv_90 allows local users to bypass chroot, zones, and the Solaris Trusted Extensions multi-level security policy, and establish a covert communication channel, via unspecified vectors involving system calls. El núcleo de Sun Solaris 8 hasta 10 y OpenSolaris anterior a snv_90, permite a usuarios locales evitar chroot, zones y la política de seguridad multi nivel de Solaris Trusted Extensions, y establecer un canal de comunicación encubierto, a través de vectores no especificados que incluyen llamadas al sistema. • http://secunia.com/advisories/31667 http://sunsolve.sun.com/search/document.do?assetkey=1-26-240706-1 http://www.securityfocus.com/bid/30880 http://www.securitytracker.com/id?1020780 http://www.vupen.com/english/advisories/2008/2460 https://exchange.xforce.ibmcloud.com/vulnerabilities/44753 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5453 • CWE-264: Permissions, Privileges, and Access Controls •