CVSS: 4.7EPSS: 0%CPEs: 6EXPL: 0CVE-2006-6275
https://notcve.org/view.php?id=CVE-2006-6275
Race condition in the kernel in Sun Solaris 8 through 10 allows local users to cause a denial of service (panic) via unspecified vectors, possibly related to the exitlwps function and SIGKILL and /proc PCAGENT signals. Condición de carrera en el núcleo de Sun Solaris 8 hasta 10 permite a usuarios locales provocar una denegación de servicio (panic) a través de vectores no especificados, posiblemente relacionados con la función exitlwps y las señales SIGKILL y /proc PCAGENT. • http://secunia.com/advisories/23187 http://securitytracker.com/id?1017321 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102574-1 http://www.securityfocus.com/bid/21372 http://www.vupen.com/english/advisories/2006/4792 https://exchange.xforce.ibmcloud.com/vulnerabilities/30637 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1626 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 3CVE-2006-5726 – Sun Solaris 10 - 'UFS' Local Denial of Service
https://notcve.org/view.php?id=CVE-2006-5726
alloccgblk in the UFS filesystem in Solaris 10 allows local users to cause a denial of service (memory corruption) by mounting crafted UFS filesystems with malformed data structures. alloccgblk en el sistema de ficheros UFS en Solaris 10 permite a usuarios locales provocar una denegación de servicio (corrupción de memoria) montando sistemas de ficheros UFS manipulados con estructuras mal formadas. • https://www.exploit-db.com/exploits/28911 http://projects.info-pull.com/mokb/MOKB-04-11-2006.html http://secunia.com/advisories/22714 http://www.securityfocus.com/bid/20919 http://www.vupen.com/english/advisories/2006/4357 •
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0CVE-2006-5396
https://notcve.org/view.php?id=CVE-2006-5396
The tcp_fuse_rcv_drain function in the Sun Solaris 10 kernel before 20061017, when TCP Fusion is enabled, allows local users to cause a denial of service (system crash) via a TCP loopback connection with both endpoints on the same system. La función tcp_fuse_rcv_drain del kernel de Solaris 10 anterior al 17/10/2006, cuando la Fusión de TCP está habilitada, permite a los usuarios locales causar la denegación de servicio (caída del sistema) mediante una petición de conexión TCP con ambos puntos finales en el mismo sistema. • http://secunia.com/advisories/22453 http://securitytracker.com/id?1017082 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102667-1 http://www.securityfocus.com/bid/20587 http://www.vupen.com/english/advisories/2006/4080 https://exchange.xforce.ibmcloud.com/vulnerabilities/29630 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2199 •
CVSS: 3.6EPSS: 0%CPEs: 3EXPL: 7CVE-2006-4842 – Solaris libnspr NSPR_LOG_FILE Privilege Escalation
https://notcve.org/view.php?id=CVE-2006-4842
The Netscape Portable Runtime (NSPR) API 4.6.1 and 4.6.2, as used in Sun Solaris 10, trusts user-specified environment variables for specifying log files even when running from setuid programs, which allows local users to create or overwrite arbitrary files. Las API 4.6.1 y 4.6.2 de Netscape Portable Runtime (NSPR), usadas en Sun Solaris 10, permiten variables de entorno definidas por el usuario para especificar ficheros de traza incluso cuando se ejecutan desde programas Setuid, que permiten a los usuarios locales crear o sobre-escribir ficheros de su elección. • https://www.exploit-db.com/exploits/2641 https://www.exploit-db.com/exploits/2543 https://www.exploit-db.com/exploits/2569 https://www.exploit-db.com/exploits/45433 https://www.exploit-db.com/exploits/28789 https://www.exploit-db.com/exploits/28788 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=418 http://secunia.com/advisories/22348 http://securitytracker.com/id?1017050 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102658-1 http://w • CWE-20: Improper Input Validation •
CVSS: 3.6EPSS: 0%CPEs: 1EXPL: 0CVE-2006-5213
https://notcve.org/view.php?id=CVE-2006-5213
Sun Solaris 10 before 20061006 uses "incorrect and insufficient permission checks" that allow local users to intercept or spoof packets by creating a raw socket on a link aggregation (network device aggregation). Sun Solaris 10 anterior a 06/10/2006 usa "validaciones de permisos incorrectos e insuficienets" que permiten a un usuario local intereceptar o suplantar páquetes a través de la creación de un conector (socket) abierto sobre una agregación del enlace (agregación de dispositivo de red) • http://secunia.com/advisories/22246 http://secunia.com/advisories/22992 http://securitytracker.com/id?1017013 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102606-1 http://support.avaya.com/elmodocs2/security/ASA-2006-250.htm http://www.securityfocus.com/bid/20377 http://www.vupen.com/english/advisories/2006/3961 https://exchange.xforce.ibmcloud.com/vulnerabilities/29381 •