CVE-2009-1207
https://notcve.org/view.php?id=CVE-2009-1207
Race condition in the dircmp script in Sun Solaris 8 through 10, and OpenSolaris snv_01 through snv_111, allows local users to overwrite arbitrary files, probably involving a symlink attack on temporary files. Condición Race en la secuencia de comandos en Sun Solaris v8 hasta v10, y OpenSolaris snv_01 hasta snv_111, permite a los usuario locales sobrescribir arbitrariamente archivos, probablemente involucra un ataque de enlace simbólico en archivos temporales. • http://secunia.com/advisories/34558 http://secunia.com/advisories/34813 http://sunsolve.sun.com/search/document.do?assetkey=1-21-138897-01-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-253468-1 http://support.avaya.com/elmodocs2/security/ASA-2009-140.htm http://www.securityfocus.com/bid/34316 http://www.vupen.com/english/advisories/2009/1105 https://exchange.xforce.ibmcloud.com/vulnerabilities/49526 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mit • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVE-2009-0913
https://notcve.org/view.php?id=CVE-2009-0913
Unspecified vulnerability in the keysock kernel module in Solaris 10 and OpenSolaris builds snv_01 through snv_108 allows local users to cause a denial of service (system panic) via unknown vectors related to PF_KEY socket, probably related to setting socket options. Vulnerabilidad no especificada en el módulo keysock del kernel en Solaris v10 y OpenSolaris versiones vsnv_01 hasta vsnv_108 permite a usuarios locales provocar una denegación de servicio (error irrecuperable del sistema) mediante vectores desconocidos relacionados con el socket PF_KEY, relacionado probablemente con las opciones de configuración del socket. • http://osvdb.org/52678 http://secunia.com/advisories/34277 http://secunia.com/advisories/34456 http://sunsolve.sun.com/search/document.do?assetkey=1-66-253568-1 http://support.avaya.com/elmodocs2/security/ASA-2009-099.htm http://www.securityfocus.com/bid/34118 http://www.securitytracker.com/id?1021846 http://www.vupen.com/english/advisories/2009/0717 http://www.vupen.com/english/advisories/2009/0817 https://exchange.xforce.ibmcloud.com/vulnerabilities/49247 https://oval. •
CVE-2009-0874
https://notcve.org/view.php?id=CVE-2009-0874
Multiple unspecified vulnerabilities in the Doors subsystem in the kernel in Sun Solaris 8 through 10, and OpenSolaris before snv_94, allow local users to cause a denial of service (process hang), or possibly bypass file permissions or gain kernel-context privileges, via vectors including ones related to (1) an argument handling deadlock in a door server and (2) watchpoint problems in the door_call function. Vulnerabilidades múltiples no especificadas en el subsistema Doors en el kernel en Sun Solaris v8 hasta v10, y OpenSolaris anteriores a snv_94, permite a los usuarios locales causar una denegación de servicio (cuelgue del proceso), o posiblemente evitar los permisos del archivo o obtener privilegios kernel-context, a través de vectores incluyendo los relativos a (1) argumento que maneja deadlook en una puerta de servidor (2) problemas watchpoint en la función door_call. • http://secunia.com/advisories/34227 http://secunia.com/advisories/34375 http://sunsolve.sun.com/search/document.do?assetkey=1-21-117350-61-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-242486-1 http://support.avaya.com/elmodocs2/security/ASA-2009-095.htm http://www.securityfocus.com/bid/34081 http://www.securitytracker.com/id?1021840 http://www.vupen.com/english/advisories/2009/0673 http://www.vupen.com/english/advisories/2009/0766 • CWE-399: Resource Management Errors •
CVE-2009-0875
https://notcve.org/view.php?id=CVE-2009-0875
Race condition in the Doors subsystem in the kernel in Sun Solaris 8 through 10, and OpenSolaris before snv_94, allows local users to cause a denial of service (process hang), or possibly bypass file permissions or gain kernel-context privileges, via vectors involving the time at which control is transferred from a caller to a door server. Condición de carrera en el subsistema Doors en el kernel en Sun Solaris v8 hasta v10, y OpenSolaris anterior a snv_94, permite a los usuarios locales causar una denegación de servicio (cuelgue del proceso) o posiblemente evitar los permisos del archivo o ganar privilegios kernel-context, a través de vectores que implican en el tiempo en que el control transfiere desde un usuario llamador a la puerta de servidor. • http://osvdb.org/52561 http://secunia.com/advisories/34227 http://secunia.com/advisories/34375 http://sunsolve.sun.com/search/document.do?assetkey=1-21-117350-61-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-242486-1 http://support.avaya.com/elmodocs2/security/ASA-2009-095.htm http://www.securityfocus.com/bid/34081 http://www.securitytracker.com/id?1021840 http://www.vupen.com/english/advisories/2009/0673 http://www.vupen.com/english/advisories/2009/0766 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVE-2009-0872
https://notcve.org/view.php?id=CVE-2009-0872
The NFS server in Sun Solaris 10, and OpenSolaris before snv_111, does not properly implement the AUTH_NONE (aka sec=none) security mode in combination with other security modes, which allows remote attackers to bypass intended access restrictions and read or modify files, as demonstrated by a combination of the AUTH_NONE and AUTH_SYS security modes. El servidor NFS en Sun Solaris 10 y Opensolaris anterios a svn_111, no implementa adecuadamente el modo de seguridad AUTH_NONE (también conocido como sec=none) en combinación con otros modos de seguridad, lo que permite a atacantes remotos evitar las restricciones de acceso establecidas y leer o modificar archivos, como se ha demostrado mediante la combinación de modos de seguridad AUTH_NONE y AUTH_SYS. • http://osvdb.org/52559 http://secunia.com/advisories/34213 http://secunia.com/advisories/34429 http://securitytracker.com/id?1021833 http://sunsolve.sun.com/search/document.do?assetkey=1-21-139462-02-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-253588-1 http://support.avaya.com/elmodocs2/security/ASA-2009-093.htm http://www.securityfocus.com/bid/34063 http://www.vupen.com/english/advisories/2009/0658 http://www.vupen.com/english/advisories/2009/0798 https • CWE-264: Permissions, Privileges, and Access Controls •