CVE-2003-0722 – Solaris Sadmind - Command Execution
https://notcve.org/view.php?id=CVE-2003-0722
The default installation of sadmind on Solaris uses weak authentication (AUTH_SYS), which allows local and remote attackers to spoof Solstice AdminSuite clients and gain root privileges via a certain sequence of RPC packets. • https://www.exploit-db.com/exploits/16324 https://www.exploit-db.com/exploits/101 http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0115.html http://marc.info/?l=bugtraq&m=106391959014331&w=2 http://secunia.com/advisories/9742 http://sunsolve.sun.com/search/document.do?assetkey=1-26-56740-1&searchclause=security http://www.ciac.org/ciac/bulletins/n-148.shtml http://www.idefense.com/advisory/09.16.03.txt http://www.kb.cert.org/vuls/id/41870 http://w •
CVE-2003-1081
https://notcve.org/view.php?id=CVE-2003-1081
Aspppls for Solaris 8 allows local users to overwrite arbitrary files via a symlink attack on the .asppp.fifo temporary file. • http://sunsolve.sun.com/search/document.do?assetkey=1-26-46903-1 http://www.auscert.org.au/render.html?it=3411&cid=1 http://www.ciac.org/ciac/bulletins/o-001.shtml http://www.kb.cert.org/vuls/id/464817 http://www.securityfocus.com/bid/5698 https://exchange.xforce.ibmcloud.com/vulnerabilities/10105 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2003-1063
https://notcve.org/view.php?id=CVE-2003-1063
The patches (1) 105693-13, (2) 108800-02, (3) 105694-13, and (4) 108801-02 for cachefs on Solaris 2.6 and 7 overwrite the inetd.conf file, which may silently reenable services and allow remote attackers to bypass the intended security policy. • http://sunsolve.sun.com/search/document.do?assetkey=1-26-56300-1 http://www.ciac.org/ciac/bulletins/n-134.shtml http://www.securityfocus.com/bid/8461 https://exchange.xforce.ibmcloud.com/vulnerabilities/12942 •
CVE-2003-0669
https://notcve.org/view.php?id=CVE-2003-0669
Unknown vulnerability in Solaris 2.6 through 9 causes a denial of service (system panic) via "a rare race condition" or an attack by local users. • http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F47353 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4561 •
CVE-2003-0466 – FreeBSD 4.8 - 'realpath()' Off-by-One Buffer Overflow
https://notcve.org/view.php?id=CVE-2003-0466
Off-by-one error in the fb_realpath() function, as derived from the realpath function in BSD, may allow attackers to execute arbitrary code, as demonstrated in wu-ftpd 2.5.0 through 2.6.2 via commands that cause pathnames of length MAXPATHLEN+1 to trigger a buffer overflow, including (1) STOR, (2) RETR, (3) APPE, (4) DELE, (5) MKD, (6) RMD, (7) STOU, or (8) RNTO. • https://www.exploit-db.com/exploits/22976 https://www.exploit-db.com/exploits/78 https://www.exploit-db.com/exploits/74 https://www.exploit-db.com/exploits/22974 https://www.exploit-db.com/exploits/22975 ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-011.txt.asc http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0065.html http://download.immunix.org/ImmunixOS/7+/Updates/errata/IMNX-2003-7+-019-01 http://isec.pl/vulnerabilities/isec-0011-wu • CWE-193: Off-by-one Error •