CVE-2004-2686 – Sun Solaris 2.6/7.0/8/9 - vfs_getvfssw function Privilege Escalation
https://notcve.org/view.php?id=CVE-2004-2686
Directory traversal vulnerability in the vfs_getvfssw function in Solaris 2.6, 7, 8, and 9 allows local users to load arbitrary kernel modules via crafted (1) mount or (2) sysfs system calls. NOTE: this might be the same issue as CVE-2004-1767, but there are insufficient details to be sure. • https://www.exploit-db.com/exploits/23874 http://seclists.org/bugtraq/2004/Apr/0081.html http://securitytracker.com/id?1008833 http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2004-04/0297.html http://www.immunitysec.com/downloads/solaris_kernel_vfs.sxw.pdf http://www.securityfocus.com/bid/9962 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1381 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2004-1767
https://notcve.org/view.php?id=CVE-2004-1767
The kernel in Solaris 2.6, 7, 8, and 9 allows local users to gain privileges by loading arbitrary loadable kernel modules (LKM), possibly involving the modload function. • http://sunsolve.sun.com/search/document.do?assetkey=1-26-57479-1 http://www.kb.cert.org/vuls/id/702526 http://www.securityfocus.com/bid/9477 https://exchange.xforce.ibmcloud.com/vulnerabilities/14917 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4532 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2004-0780
https://notcve.org/view.php?id=CVE-2004-0780
Buffer overflow in uustat in Sun Solaris 8 and 9 allows local users to execute arbitrary code via a long -S command line argument. • http://secunia.com/advisories/18371 http://secunia.com/advisories/19087 http://securitytracker.com/id?1015455 http://sunsolve.sun.com/search/document.do?assetkey=1-26-101933-1 http://support.avaya.com/elmodocs2/security/ASA-2006-056.htm http://www.idefense.com/intelligence/vulnerabilities/display.php?id=366 http://www.securityfocus.com/bid/16193 http://www.vupen.com/english/advisories/2006/0113 https://exchange.xforce.ibmcloud.com/vulnerabilities/24045 •
CVE-2004-2306
https://notcve.org/view.php?id=CVE-2004-2306
Sun Solaris 7 through 9, when Basic Security Module (BSM) is enabled and the SUNWscpu package has been removed as a result of security hardening, disables mail alerts from the audit_warn script, which might allow attackers to escape detection. • http://sunsolve.sun.com/search/document.do?assetkey=1-26-57483-1 http://www.ciac.org/ciac/bulletins/o-070.shtml http://www.securityfocus.com/bid/13724 https://exchange.xforce.ibmcloud.com/vulnerabilities/15042 •
CVE-2004-1307
https://notcve.org/view.php?id=CVE-2004-1307
Integer overflow in the TIFFFetchStripThing function in tif_dirread.c for libtiff 3.6.1 allows remote attackers to execute arbitrary code via a TIFF file with the STRIPOFFSETS flag and a large number of strips, which causes a zero byte buffer to be allocated and leads to a heap-based buffer overflow. • http://lists.apple.com/archives/security-announce/2005/May/msg00001.html http://sunsolve.sun.com/search/document.do?assetkey=1-26-101677-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-201072-1 http://www.idefense.com/application/poi/display?id=173&type=vulnerabilities&flashstatus=true http://www.kb.cert.org/vuls/id/539110 http://www.us-cert.gov/cas/techalerts/TA05-136A.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11175 https: •