CVSS: 5.8EPSS: 1%CPEs: 2EXPL: 0CVE-2006-7140
https://notcve.org/view.php?id=CVE-2006-7140
The libike library, as used by in.iked, elfsign, and kcfd in Sun Solaris 9 and 10, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents libike from correctly verifying X.509 and other certificates that use PKCS #1, a similar issue to CVE-2006-4339. La biblioteca libike, tal y como se usa en in.iked, elfsign, y kcfd en Sun Solaris 9 y 10, cuando usan una clave RSA con exponente 3, borra caracterés de relleno PKCS-1 antes de genear la función resumen (hash), lo cual permite a atacantes remotos falsificar una firma PKCS #1 v1.5 que se ha firmado con esa clave RSA y evita a libike que verifique correctamente certificados X.509 y otros, que usen PKCS #1, vulnerabilidad similar a CVE-2006-4339. • http://secunia.com/advisories/23104 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102722-1 http://www.vupen.com/english/advisories/2006/4744 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1648 •
CVSS: 7.8EPSS: 33%CPEs: 3EXPL: 0CVE-2006-7028
https://notcve.org/view.php?id=CVE-2006-7028
Single CPU Sun systems running Solaris 7, 8, or 9, such as Netra, allows remote attackers to cause a denial of service (console hang) via a flood of small TCP/IP packets. NOTE: this issue has not been replicated by third parties. In addition, the cause is unknown, although it might be related to "jabber" and generation of a large amount of interrupts within the console, or a hardware error. Sistemas de una sola CPU Sun corriendo bajo Solaris 7, 8 o 9, como el Netra, permiten a atacantes remotos provocar una denegación de servicio (cuelgue de consola) mediante una inundación de pequeños paquetes TCP/IP. NOTA: esta vulnerabilidad no ha sido repetida por terceras partes. • http://www.securityfocus.com/archive/1/434449/30/4890/threaded http://www.securityfocus.com/archive/1/434920/30/4890/threaded http://www.securityfocus.com/archive/1/435107/30/4710/threaded http://www.securityfocus.com/archive/1/435146/30/4890/threaded •
CVSS: 2.6EPSS: 0%CPEs: 3EXPL: 0CVE-2007-0895
https://notcve.org/view.php?id=CVE-2007-0895
Race condition in recursive directory deletion with the (1) -r or (2) -R option in rm in Solaris 8 through 10 before 20070208 allows local users to delete files and directories as the user running rm by moving a low-level directory to a higher level as it is being deleted, which causes rm to chdir to a ".." directory that is higher than expected, possibly up to the root file system, a related issue to CVE-2002-0435. Condición de carrera en el borrado de directorios recursivo con las opciones (1) -r o (2) -R en Solaris 8 hasta 10 anterior al 08/02/2007 permite a usuarios locales borrar ficheros y directorios como el usuario que está ejecutando rm moviéndose de directorio de bajo nivel a uno de mayor nivel mientras está siendo borrado, lo cual provoca que rm haga un chdir al directorio ".." que es de mayor nivel que lo esperado, posiblemente fuera del sistema de ficheros de root, un asunto relacionado con CVE-2002-0435. • http://secunia.com/advisories/24082 http://secunia.com/advisories/24405 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102782-1 http://support.avaya.com/elmodocs2/security/ASA-2007-102.htm http://www.osvdb.org/31880 http://www.vupen.com/english/advisories/2007/0543 https://exchange.xforce.ibmcloud.com/vulnerabilities/32399 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8272 •
CVSS: 10.0EPSS: 85%CPEs: 4EXPL: 5CVE-2007-0882 – Solaris 10/11 Telnet - Remote Authentication Bypass
https://notcve.org/view.php?id=CVE-2007-0882
Argument injection vulnerability in the telnet daemon (in.telnetd) in Solaris 10 and 11 (SunOS 5.10 and 5.11) misinterprets certain client "-f" sequences as valid requests for the login program to skip authentication, which allows remote attackers to log into certain accounts, as demonstrated by the bin account. La vulnerabilidad de inyección argumentos en el demonio telnet (in.telnetd) en Solaris versiones 10 y 11 (SunOS versiones 5.10 y 5.11) interpreta erróneamente ciertas secuencias "-f" del cliente como peticiones válidas para que el programa de inicio de sesión omita la autenticación, lo que permite a los atacantes remotos iniciar sesión en ciertas cuentas, como fue demostrado por la cuenta bin. • https://www.exploit-db.com/exploits/9918 https://www.exploit-db.com/exploits/16328 https://www.exploit-db.com/exploits/3293 http://erratasec.blogspot.com/2007/02/trivial-remote-solaris-0day-disable.html http://isc.sans.org/diary.html?storyid=2220 http://osvdb.org/31881 http://seclists.org/fulldisclosure/2007/Feb/0217.html http://secunia.com/advisories/24120 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102802-1 http://www.kb.cert.org/vuls/id/881872 ht • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVSS: 6.9EPSS: 0%CPEs: 2EXPL: 0CVE-2007-0503
https://notcve.org/view.php?id=CVE-2007-0503
Unspecified vulnerability in kcms_calibrate in Sun Solaris 8 and 9 before 20071122 allows local users to execute arbitrary commands via unknown vectors. Vulnerabilidad no especificada en kcms_calibrate en Sun Solaris 8 y 9 anterior al 22/11/2007 permite a usuarios locales ejecutar comandos de su elección mediante vectores desconocidos. • http://osvdb.org/31598 http://secunia.com/advisories/23885 http://securitytracker.com/id?1017541 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102728-1 http://support.avaya.com/elmodocs2/security/ASA-2007-040.htm http://www.securityfocus.com/bid/22175 http://www.vupen.com/english/advisories/2007/0287 https://exchange.xforce.ibmcloud.com/vulnerabilities/31668 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1495 •