CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 1CVE-2008-2710
https://notcve.org/view.php?id=CVE-2008-2710
Integer signedness error in the ip_set_srcfilter function in the IP Multicast Filter in uts/common/inet/ip/ip_multi.c in the kernel in Sun Solaris 10 and OpenSolaris before snv_92 allows local users to execute arbitrary code in other Solaris Zones via an SIOCSIPMSFILTER IOCTL request with a large value of the imsf->imsf_numsrc field, which triggers an out-of-bounds write of kernel memory. NOTE: this was reported as an integer overflow, but the root cause involves the bypass of a signed comparison. Error de presencia de signo entero en la función ip_set_srcfilter en el IP Multicast Filter en uts/common/inet/ip/ip_multi.c en el kernel de Sun Solaris 10 y OpenSolaris anterior a snv_92, permite a usuarios locales ejecutar código de su elección en otras "Solaris Zones" a través de una petición SIOCSIPMSFILTER IOCTL con un valor largo del campo imsf->imsf_numsrc, que dispara una escritura de memoria del kernel fuera de rango. NOTA: esto ha sido reportado como un desbordamiento de entero, pero el origen del problema implica una comparación de signo que no se realiza. • http://secunia.com/advisories/30693 http://sunsolve.sun.com/search/document.do?assetkey=1-26-237965-1 http://www.securityfocus.com/bid/29699 http://www.securitytracker.com/id?1020283 http://www.trapkit.de/advisories/TKADV2008-003.txt http://www.vupen.com/english/advisories/2008/1832/references https://exchange.xforce.ibmcloud.com/vulnerabilities/43068 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5731 • CWE-189: Numeric Errors •
CVSS: 4.0EPSS: 1%CPEs: 95EXPL: 0CVE-2006-5201
https://notcve.org/view.php?id=CVE-2006-5201
Multiple packages on Sun Solaris, including (1) NSS; (2) Java JDK and JRE 5.0 Update 8 and earlier, SDK and JRE 1.4.x up to 1.4.2_12, and SDK and JRE 1.3.x up to 1.3.1_19; (3) JSSE 1.0.3_03 and earlier; (4) IPSec/IKE; (5) Secure Global Desktop; and (6) StarOffice, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents these products from correctly verifying X.509 and other certificates that use PKCS #1. Múltiples paquetes sobre Sun Solaris, incluyendo (1) NSS; (2) Java JDK and JRE 5.0 Update 8 y anteriores, SDK y JRE 1.4.x hasta 1.4.2_12, y SDK y JRE 1.3.x hasta 1.3.1_19; (3) JSSE 1.0.3_03 y anteriores; (4) IPSec/IKE; (5) Secure Global Desktop; y (6) StarOffice, cuando se usa una llave RSA con un exponente 3, elimina el relleno PKCS-1 antes de generar un hash, lo cual permite a un atacante remoto falsificar una firma PKCS #1 v1.5 que esta firmada por una llave RSA y evita que estos productos verifiquen correctamente X.509 y otros certificados que utilicen PKCS #1. • http://secunia.com/advisories/22204 http://secunia.com/advisories/22226 http://secunia.com/advisories/22325 http://secunia.com/advisories/22992 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102657-1 http://support.avaya.com/elmodocs2/security/ASA-2006-250.htm http://www.kb.cert.org/vuls/id/845620 http://www.vupen.com/english/advisories/2006/3898 http://www.vupen.com/english/advisories/2006&# •
CVSS: 5.0EPSS: 96%CPEs: 9EXPL: 2CVE-2005-4797 – Solaris LPD Arbitrary File Delete
https://notcve.org/view.php?id=CVE-2005-4797
Directory traversal vulnerability in printd line printer daemon (lpd) in Solaris 7 through 10 allows remote attackers to delete arbitrary files via ".." sequences in an "Unlink data file" command. • http://downloads.securityfocus.com/vulnerabilities/exploits/solaris_lpd_unlink.pm http://secunia.com/advisories/16367 http://securitytracker.com/id?1014635 http://sunsolve.sun.com/search/document.do?assetkey=1-26-101842-1 http://www.ciac.org/ciac/bulletins/p-280.shtml http://www.osvdb.org/18650 http://www.securityfocus.com/bid/14510 http://www.vupen.com/english/advisories/2005/1342 https://exchange.xforce.ibmcloud.com/vulnerabilities/21773 •
CVSS: 3.6EPSS: 0%CPEs: 14EXPL: 0CVE-2005-4796
https://notcve.org/view.php?id=CVE-2005-4796
Unspecified vulnerability in the XView library (libxview.so) in Solaris 2.5 to 10 allows local users to corrupt files via unknown vectors related to the handling of the clipboard selection while an XView application exits. • http://sunsolve.sun.com/search/document.do?assetkey=1-26-100881-1 http://sunsolve.sun.com/search/document.do?assetkey=1-26-27525-1 http://www.ciac.org/ciac/bulletins/p-264.shtml http://www.osvdb.org/18809 http://www.securityfocus.com/bid/13016 •
CVSS: 2.1EPSS: 0%CPEs: 6EXPL: 0CVE-2005-2032
https://notcve.org/view.php?id=CVE-2005-2032
Unknown vulnerability in lpadmin on Sun Solaris 7, 8, and 9 allows local users to overwrite arbitrary files. • http://secunia.com/advisories/15723 http://securitytracker.com/id?1014218 http://sunsolve.sun.com/search/document.do?assetkey=1-26-101768-1 http://www.securityfocus.com/bid/13968 •