CVE-2004-0481
https://notcve.org/view.php?id=CVE-2004-0481
The logging feature in kcms_configure in the KCMS package on Solaris 8 and 9, and possibly other versions, allows local users to corrupt arbitrary files via a symlink attack on the KCS_ClogFile file. • http://sunsolve.sun.com/search/document.do?assetkey=1-26-57706-1 http://www.idefense.com/application/poi/display?id=206&type=vulnerabilities •
CVE-2005-0426
https://notcve.org/view.php?id=CVE-2005-0426
Unknown vulnerability in Solaris 8 and 9 allows remote attackers to cause a denial of service (panic) via "Heavy UDP Usage" that triggers a NULL dereference. Vulnerabilidad desconocida en Solaris 8 y 9 permite a atacantes remotos provocar la Denegación de Servicio (DoS) mediante ""Heavy UDP Usage"" que lanza una referencia a NULL. • http://sunsolve.sun.com/search/document.do?assetkey=1-26-57728-1 http://www.securityfocus.com/bid/12385 https://exchange.xforce.ibmcloud.com/vulnerabilities/19119 •
CVE-2005-0447
https://notcve.org/view.php?id=CVE-2005-0447
Solaris 7, 8, and 9 allows remote attackers to cause a denial of service (hang) via a flood of certain ARP packets. • http://secunia.com/advisories/14286 http://securitytracker.com/id?1013179 http://sunsolve.sun.com/search/document.do?assetkey=1-26-57673-1 http://www.securityfocus.com/bid/12553 https://exchange.xforce.ibmcloud.com/vulnerabilities/19331 •
CVE-2005-0248
https://notcve.org/view.php?id=CVE-2005-0248
The Solaris Management Console (SMC) GUI for Solaris 8 and 9, when creating user accounts that are configured for password aging, creates the accounts with a blank password, which allows remote or local attackers to break into those accounts. • http://secunia.com/advisories/13803 http://securitytracker.com/id?1012860 http://sunsolve.sun.com/search/document.do?assetkey=1-26-57717-1 http://www.ciac.org/ciac/bulletins/p-096.shtml http://www.securityfocus.com/bid/12260 https://exchange.xforce.ibmcloud.com/vulnerabilities/18868 •
CVE-2004-2686 – Sun Solaris 2.6/7.0/8/9 - vfs_getvfssw function Privilege Escalation
https://notcve.org/view.php?id=CVE-2004-2686
Directory traversal vulnerability in the vfs_getvfssw function in Solaris 2.6, 7, 8, and 9 allows local users to load arbitrary kernel modules via crafted (1) mount or (2) sysfs system calls. NOTE: this might be the same issue as CVE-2004-1767, but there are insufficient details to be sure. • https://www.exploit-db.com/exploits/23874 http://seclists.org/bugtraq/2004/Apr/0081.html http://securitytracker.com/id?1008833 http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2004-04/0297.html http://www.immunitysec.com/downloads/solaris_kernel_vfs.sxw.pdf http://www.securityfocus.com/bid/9962 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1381 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •