CVE-2006-3968
https://notcve.org/view.php?id=CVE-2006-3968
The crypto provider in Sun Solaris 10 3/05 HW2 without patch 121236-01, when running on Sun Fire T2000 platforms, incorrectly verifies a DSA signature, which might prevent applications from detecting that the data has been modified. • http://secunia.com/advisories/21279 http://securitytracker.com/id?1016625 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102543-1 http://www.securityfocus.com/bid/19291 http://www.vupen.com/english/advisories/2006/3103 https://exchange.xforce.ibmcloud.com/vulnerabilities/28201 •
CVE-2006-3920
https://notcve.org/view.php?id=CVE-2006-3920
The TCP implementation in Sun Solaris 8, 9, and 10 before 20060726 allows remote attackers to cause a denial of service (resource exhaustion) via a TCP packet with an incorrect sequence number, which triggers an ACK storm. • http://secunia.com/advisories/21226 http://secunia.com/advisories/22425 http://securitytracker.com/id?1016589 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102206-1 http://support.avaya.com/elmodocs2/security/ASA-2006-204.htm http://www.vupen.com/english/advisories/2006/2997 https://exchange.xforce.ibmcloud.com/vulnerabilities/28048 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1374 •
CVE-2006-3825
https://notcve.org/view.php?id=CVE-2006-3825
The IPv4 implementation in Sun Solaris 10 before 20060721 allows local users to select routes that differ from the routing table, possibly facilitating firewall bypass or unauthorized network communication. • http://secunia.com/advisories/21163 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102509-1 http://www.securityfocus.com/bid/19108 http://www.vupen.com/english/advisories/2006/2937 https://exchange.xforce.ibmcloud.com/vulnerabilities/27935 •
CVE-2006-3824 – Solaris 10 - 'sysinfo()' Local Kernel Memory Disclosure
https://notcve.org/view.php?id=CVE-2006-3824
systeminfo.c for Sun Solaris allows local users to read kernel memory via a 0 variable count argument to the sysinfo system call, which causes a -1 argument to be used by the copyout function. NOTE: this issue has been referred to as an integer overflow, but it is probably more like a signedness error or integer underflow. • https://www.exploit-db.com/exploits/2067 https://www.exploit-db.com/exploits/2241 http://secunia.com/advisories/21148 http://securitytracker.com/id?1016555 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102343-1 http://www.idefense.com/intelligence/vulnerabilities/display.php?id=410 http://www.securityfocus.com/archive/1/440849/100/100/threaded http://www.securityfocus.com/archive/1/440986/100/100/threaded http://www.securityfocus.com/bid/19104 http://www.vupen •
CVE-2006-3782
https://notcve.org/view.php?id=CVE-2006-3782
Unspecified vulnerability in the kernel debugger (kmdb) in Sun Solaris 10, when running on x86, allows local users to cause a denial of service (system hang) via unspecified vectors. • http://secunia.com/advisories/21133 http://securitytracker.com/id?1016540 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102512-1 http://www.securityfocus.com/bid/19080 http://www.vupen.com/english/advisories/2006/2886 https://exchange.xforce.ibmcloud.com/vulnerabilities/27844 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2223 •