Page 5 of 43 results (0.002 seconds)

CVSS: 7.2EPSS: 0%CPEs: 10EXPL: 1

SunOS sendmail 5.59 through 5.65 uses popen to process a forwarding host argument, which allows local users to gain root privileges by modifying the IFS (Internal Field Separator) variable and passing crafted values to the -oR option. • http://www.alw.nih.gov/Security/8lgm/8lgm-Advisory-21.html http://www.auscert.org.au/render.html?it=1853&cid=1978 http://www.cert.org/advisories/CA-95.11.sun.sendmail-oR.vul http://www.kb.cert.org/vuls/id/3278 http://www.securityfocus.com/bid/7829 •

CVSS: 6.2EPSS: 0%CPEs: 1EXPL: 1

passwd in SunOS 4.1.x allows local users to overwrite arbitrary files via a symlink attack and the -F command line argument. • http://www.dataguard.no/bugtraq/1994_4/0755.html http://www2.dataguard.no/bugtraq/1994_2/0197.html http://www2.dataguard.no/bugtraq/1994_2/0207.html •

CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 0

Sun/Solaris utmp file allows local users to gain root access if it is writable by users other than root. • http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/126 •

CVSS: 5.0EPSS: 1%CPEs: 5EXPL: 0

Extra long export lists over 256 characters in some mount daemons allows NFS directories to be mounted by anyone. • http://www.securityfocus.com/bid/24 https://vuls.cert.org/confluence/pages/viewpage.action?pageId=96665790 https://vuls.cert.org/confluence/pages/viewpage.action?pageId=97124517 https://vuls.cert.org/confluence/pages/viewpage.action?pageId=97124527 •

CVSS: 2.1EPSS: 0%CPEs: 5EXPL: 0

The permissions for the /dev/audio device on Solaris 2.2 and earlier, and SunOS 4.1.x, allow any local user to read from the device, which could be used by an attacker to monitor conversations happening near a machine that has a microphone. • http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/122&type=0&nav=sec.sba http://www.ciac.org/ciac/bulletins/e-01.shtml http://www.osvdb.org/6436 https://exchange.xforce.ibmcloud.com/vulnerabilities/549 •