CVE-2005-2072 – Solaris 9/10 - 'ld.so' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2005-2072
The runtime linker (ld.so) in Solaris 8, 9, and 10 trusts the LD_AUDIT environment variable in setuid or setgid programs, which allows local users to gain privileges by (1) modifying LD_AUDIT to reference malicious code and possibly (2) using a long value for LD_AUDIT. • https://www.exploit-db.com/exploits/1073 https://www.exploit-db.com/exploits/1074 http://lists.grok.org.uk/pipermail/full-disclosure/2005-June/034730.html http://lists.grok.org.uk/pipermail/full-disclosure/2005-June/034731.html http://lists.grok.org.uk/pipermail/full-disclosure/2005-June/034738.html http://secunia.com/advisories/15841 http://securitytracker.com/id?1014537 http://sunsolve.sun.com/search/document.do?assetkey=1-26-101794-1 http://www.opensolaris.org/jive/thread • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2005-2071 – Sun Solaris 10 Traceroute - Multiple Local Buffer Overflow Vulnerabilities
https://notcve.org/view.php?id=CVE-2005-2071
traceroute in Sun Solaris 10 on x86 systems allows local users to execute arbitrary code with PRIV_NET_RAWACCESS privileges via (1) a large number of -g arguments or (2) a malformed -s argument with a trailing . (dot). • https://www.exploit-db.com/exploits/25896 http://marc.info/?l=bugtraq&m=111963068714114&w=2 http://marc.info/?l=bugtraq&m=111963809801731&w=2 http://marc.info/?l=bugtraq&m=111964580023012&w=2 http://secunia.com/advisories/17708 http://securitytracker.com/id?1015261 http://sunsolve.sun.com/search/document.do? • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2005-1887
https://notcve.org/view.php?id=CVE-2005-1887
Unknown vulnerability in the Sun Solaris C library (libc and libproject) in Solaris 10 allows local users to gain privileges. • http://secunia.com/advisories/15613 http://sunsolve.sun.com/search/document.do?assetkey=1-26-101740-1 http://www.osvdb.org/17099 http://www.vupen.com/english/advisories/2005/0690 https://exchange.xforce.ibmcloud.com/vulnerabilities/20874 •
CVE-2004-0790 – Multiple OS (Win32/Aix/Cisco) - Crafted ICMP Messages Denial of Service (MS05-019)
https://notcve.org/view.php?id=CVE-2004-0790
Multiple TCP/IP and ICMP implementations allow remote attackers to cause a denial of service (reset TCP connections) via spoofed ICMP error messages, aka the "blind connection-reset attack." NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities. • https://www.exploit-db.com/exploits/948 https://www.exploit-db.com/exploits/25389 https://www.exploit-db.com/exploits/942 ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.4/SCOSA-2006.4.txt http://marc.info/?l=bugtraq&m=112861397904255&w=2 http://secunia.com/advisories/18317 http://secunia.com/advisories/22341 http://securityreason.com/securityalert/19 http://securityreason.com/securityalert/57 http://sunsolve.sun.com/search/document.do?assetkey=1-26-101658-1 htt •
CVE-2004-0791 – Multiple Vendor ICMP Implementation - Spoofed Source Quench Packet Denial of Service
https://notcve.org/view.php?id=CVE-2004-0791
Multiple TCP/IP and ICMP implementations allow remote attackers to cause a denial of service (network throughput reduction for TCP connections) via a blind throughput-reduction attack using spoofed Source Quench packets, aka the "ICMP Source Quench attack." NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities. • https://www.exploit-db.com/exploits/25387 ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.4/SCOSA-2006.4.txt http://marc.info/?l=bugtraq&m=112861397904255&w=2 http://secunia.com/advisories/18317 http://securityreason.com/securityalert/19 http://securityreason.com/securityalert/57 http://sunsolve.sun.com/search/document.do?assetkey=1-26-101658-1 http://sunsolve.sun.com/search/document.do?assetkey=1-26-57746-1 http://www.gont.com.ar/drafts/icmp-attacks-against-tcp. •