CVE-2008-5689 – Linux Kernel (Solaris 10 / < 5.10 138888-01) - Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2008-5689
tun in IP Tunnel in Solaris 10 and OpenSolaris snv_01 through snv_76 allows local users to cause a denial of service (panic) and possibly execute arbitrary code via a crafted SIOCGTUNPARAM IOCTL request, which triggers a NULL pointer dereference. Tun en IP Tunnel en Solaris 10 y OpenSolaris snv_01 a snv_76 permite a usuarios locales causar una denegación de servicio (causando un panic del sistema) y, posiblemente, ejecutar código arbitrario a través de una solicitud SIOCGTUNPARAM IOCTL modificada, que ocasiona una desreferencia a un puntero NULL. • https://www.exploit-db.com/exploits/15962 http://secunia.com/advisories/33160 http://securityreason.com/securityalert/4801 http://sunsolve.sun.com/search/document.do?assetkey=1-26-242266-1 http://www.exploit-db.com/exploits/15962 http://www.securityfocus.com/archive/1/499352/100/0/threaded http://www.securityfocus.com/bid/32904 http://www.securitytracker.com/id?1021464 http://www.trapkit.de/advisories/TKADV2008-015.txt http://www.vupen.com/english/advisories/2008/3454 https& • CWE-399: Resource Management Errors •
CVE-2008-5690
https://notcve.org/view.php?id=CVE-2008-5690
The Kerberos credential renewal feature in Sun Solaris 8, 9, and 10, and OpenSolaris build snv_01 through snv_104, allows local users to cause a denial of service (authentication failure) via unspecified vectors related to incorrect cache file permissions, and lack of credential storage by the store_cred function in pam_krb5. La funcionalidad de renovación de credenciales de Kerberos en Sun Solaris versiones 8, 9 y 10, y OpenSolaris build snv_01 hasta snv_104, permite a usuarios locales causar una denegación de servicio (fallo de autenticación) por medio de vectores no especificados relacionados con permisos incorrectos de archivos de caché y falta de almacenamiento de credenciales por parte de la función store_cred en pam_krb5. • http://secunia.com/advisories/33042 http://secunia.com/advisories/33313 http://sunsolve.sun.com/search/document.do?assetkey=1-21-112908-33-1 http://sunsolve.sun.com/search/document.do?assetkey=1-26-244866-1 http://support.avaya.com/elmodocs2/security/ASA-2008-515.htm http://www.securityfocus.com/bid/32793 http://www.securitytracker.com/id?1021390 http://www.vupen.com/english/advisories/2008/3428 https://exchange.xforce.ibmcloud.com/vulnerabilities/47291 https://oval.cisecurity • CWE-255: Credentials Management Errors •
CVE-2008-5661
https://notcve.org/view.php?id=CVE-2008-5661
The IPv4 Forwarding feature in Sun Solaris 10 and OpenSolaris snv_47 through snv_82, with certain patches installed, allows remote attackers to cause a denial of service (panic) via unknown vectors that trigger a NULL pointer dereference. La característica IPv4 Forwarding en Sun Solaris v10 y OpenSolaris desde snv_47 hasta snv_82, con ciertos parches instalados, permite a atacantes remotos producir una denegacion de servicio (pánico) a través de vectores desconocidos que disparan una referencia a puntero nula. • http://secunia.com/advisories/33148 http://sunsolve.sun.com/search/document.do?assetkey=1-26-241126-1 http://www.securityfocus.com/bid/32861 http://www.securitytracker.com/id?1021413 https://exchange.xforce.ibmcloud.com/vulnerabilities/47378 • CWE-399: Resource Management Errors •
CVE-2008-5550
https://notcve.org/view.php?id=CVE-2008-5550
Open redirect vulnerability in console/faces/jsp/login/BeginLogin.jsp in Sun Java Web Console 3.0.2 through 3.0.5 and Solaris 10 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the redirect_url parameter. Vulnerabilidad involuntaria de redirección en console/faces/jsp/login/BeginLogin.jsp en Sun Java Web Console v3.0.2 a v3.0.5 y Solaris 10 permite a atacantes remotos redirigir a los usuarios a sitios web de su elección y realizar ataques de phising a través del parámetro redirect_url. • http://sunsolve.sun.com/search/document.do?assetkey=1-21-125950-18-1 http://sunsolve.sun.com/search/document.do?assetkey=1-21-125952-18-1 http://sunsolve.sun.com/search/document.do?assetkey=1-21-136987-02-1 http://sunsolve.sun.com/search/document.do?assetkey=1-26-243786-1 http://www.securityfocus.com/bid/32771 https://exchange.xforce.ibmcloud.com/vulnerabilities/47257 •
CVE-2008-5422
https://notcve.org/view.php?id=CVE-2008-5422
Sun Sun Ray Server Software 3.1 through 4.0 does not properly restrict access, which allows remote attackers to discover the Sun Ray administration password, and obtain admin access to the Data Store and Administration GUI, via unspecified vectors. Sun Sun Ray Server Software v3.1 a v4.0 no restringe el acceso apropiadamente, lo que permite a atacantes remotos descubrir la contraseña de administración de Sun Ray y obtener acceso admin a el Data Store y la Administration GUI, mediante vectores no especificados. • http://secunia.com/advisories/33108 http://sunsolve.sun.com/search/document.do?assetkey=1-21-127553-04-1 http://sunsolve.sun.com/search/document.do?assetkey=1-26-240365-1 http://support.avaya.com/elmodocs2/security/ASA-2008-502.htm http://www.securityfocus.com/bid/32769 http://www.securitytracker.com/id?1021383 http://www.vupen.com/english/advisories/2008/3406 https://exchange.xforce.ibmcloud.com/vulnerabilities/47253 • CWE-264: Permissions, Privileges, and Access Controls •