CVSS: 7.2EPSS: 0%CPEs: 5EXPL: 5CVE-2005-2072 – Solaris 9/10 - 'ld.so' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2005-2072
The runtime linker (ld.so) in Solaris 8, 9, and 10 trusts the LD_AUDIT environment variable in setuid or setgid programs, which allows local users to gain privileges by (1) modifying LD_AUDIT to reference malicious code and possibly (2) using a long value for LD_AUDIT. • https://www.exploit-db.com/exploits/1073 https://www.exploit-db.com/exploits/1074 http://lists.grok.org.uk/pipermail/full-disclosure/2005-June/034730.html http://lists.grok.org.uk/pipermail/full-disclosure/2005-June/034731.html http://lists.grok.org.uk/pipermail/full-disclosure/2005-June/034738.html http://secunia.com/advisories/15841 http://securitytracker.com/id?1014537 http://sunsolve.sun.com/search/document.do?assetkey=1-26-101794-1 http://www.opensolaris.org/jive/thread • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 2.1EPSS: 0%CPEs: 6EXPL: 0CVE-2005-2032
https://notcve.org/view.php?id=CVE-2005-2032
Unknown vulnerability in lpadmin on Sun Solaris 7, 8, and 9 allows local users to overwrite arbitrary files. • http://secunia.com/advisories/15723 http://securitytracker.com/id?1014218 http://sunsolve.sun.com/search/document.do?assetkey=1-26-101768-1 http://www.securityfocus.com/bid/13968 •
CVSS: 5.0EPSS: 1%CPEs: 3EXPL: 0CVE-2005-0488
https://notcve.org/view.php?id=CVE-2005-0488
Certain BSD-based Telnet clients, including those used on Solaris and SuSE Linux, allow remote malicious Telnet servers to read sensitive environment variables via the NEW-ENVIRON option with a SEND ENV_USERVAR command. • http://idefense.com/application/poi/display?id=260&type=vulnerabilities http://lists.apple.com/archives/security-announce/2006//Aug/msg00000.html http://secunia.com/advisories/17135 http://secunia.com/advisories/21253 http://securitytracker.com/id?1014203 http://sunsolve.sun.com/search/document.do?assetkey=1-26-101665-1 http://sunsolve.sun.com/search/document.do?assetkey=1-26-101671-1 http://sunsolve.sun.com/search/document.do? •
CVSS: 5.0EPSS: 0%CPEs: 5EXPL: 0CVE-2005-1591
https://notcve.org/view.php?id=CVE-2005-1591
Unknown vulnerability in NIS+ on Solaris 7, 8, and 9 allows remote attackers to cause a denial of service (rpc.nisd disabled and NIS+ unavailable) via unknown vectors. • http://sunsolve.sun.com/search/document.do?assetkey=1-26-57780-1 http://www.vupen.com/english/advisories/2005/0492 •
CVSS: 2.1EPSS: 0%CPEs: 6EXPL: 0CVE-2005-1518
https://notcve.org/view.php?id=CVE-2005-1518
Unknown vulnerability in Solaris 7 through 9, when using Federated Naming Services (FNS), autofs, and FNS X.500 configuration, allows local users to cause a denial of service (automountd crash) when "accessing" /xfn/_x500. • http://sunsolve.sun.com/search/document.do?assetkey=1-26-57786-1 http://www.vupen.com/english/advisories/2005/0517 •