CVE-2009-0874
https://notcve.org/view.php?id=CVE-2009-0874
Multiple unspecified vulnerabilities in the Doors subsystem in the kernel in Sun Solaris 8 through 10, and OpenSolaris before snv_94, allow local users to cause a denial of service (process hang), or possibly bypass file permissions or gain kernel-context privileges, via vectors including ones related to (1) an argument handling deadlock in a door server and (2) watchpoint problems in the door_call function. Vulnerabilidades múltiples no especificadas en el subsistema Doors en el kernel en Sun Solaris v8 hasta v10, y OpenSolaris anteriores a snv_94, permite a los usuarios locales causar una denegación de servicio (cuelgue del proceso), o posiblemente evitar los permisos del archivo o obtener privilegios kernel-context, a través de vectores incluyendo los relativos a (1) argumento que maneja deadlook en una puerta de servidor (2) problemas watchpoint en la función door_call. • http://secunia.com/advisories/34227 http://secunia.com/advisories/34375 http://sunsolve.sun.com/search/document.do?assetkey=1-21-117350-61-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-242486-1 http://support.avaya.com/elmodocs2/security/ASA-2009-095.htm http://www.securityfocus.com/bid/34081 http://www.securitytracker.com/id?1021840 http://www.vupen.com/english/advisories/2009/0673 http://www.vupen.com/english/advisories/2009/0766 • CWE-399: Resource Management Errors •
CVE-2009-0872
https://notcve.org/view.php?id=CVE-2009-0872
The NFS server in Sun Solaris 10, and OpenSolaris before snv_111, does not properly implement the AUTH_NONE (aka sec=none) security mode in combination with other security modes, which allows remote attackers to bypass intended access restrictions and read or modify files, as demonstrated by a combination of the AUTH_NONE and AUTH_SYS security modes. El servidor NFS en Sun Solaris 10 y Opensolaris anterios a svn_111, no implementa adecuadamente el modo de seguridad AUTH_NONE (también conocido como sec=none) en combinación con otros modos de seguridad, lo que permite a atacantes remotos evitar las restricciones de acceso establecidas y leer o modificar archivos, como se ha demostrado mediante la combinación de modos de seguridad AUTH_NONE y AUTH_SYS. • http://osvdb.org/52559 http://secunia.com/advisories/34213 http://secunia.com/advisories/34429 http://securitytracker.com/id?1021833 http://sunsolve.sun.com/search/document.do?assetkey=1-21-139462-02-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-253588-1 http://support.avaya.com/elmodocs2/security/ASA-2009-093.htm http://www.securityfocus.com/bid/34063 http://www.vupen.com/english/advisories/2009/0658 http://www.vupen.com/english/advisories/2009/0798 https • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2009-0870
https://notcve.org/view.php?id=CVE-2009-0870
The NFSv4 Server module in the kernel in Sun Solaris 10, and OpenSolaris before snv_111, allow local users to cause a denial of service (infinite loop and system hang) by accessing an hsfs filesystem that is shared through NFSv4, related to the rfs4_op_readdir function. El modulo del servidor NFSv4 en el kernel en Sun Solaris v10, y OpenSolaris anterior a snv_111, permite a usuarios locales producir una denegación de servicio (bucle infinito y colgado de sistema) mediante el acceso a un fichero de sistema hsfs que esta compartido en NFSv4, relacionado con la función rfs4_op_readdir. • http://secunia.com/advisories/34193 http://secunia.com/advisories/34371 http://securitytracker.com/id?1021819 http://sunsolve.sun.com/search/document.do?assetkey=1-21-139462-02-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-252469-1 http://support.avaya.com/elmodocs2/security/ASA-2009-090.htm http://www.securityfocus.com/bid/34031 http://www.vupen.com/english/advisories/2009/0635 http://www.vupen.com/english/advisories/2009/0765 https://exchange.xforce.ibmcloud& • CWE-399: Resource Management Errors •
CVE-2009-0838
https://notcve.org/view.php?id=CVE-2009-0838
The crypto pseudo device driver in Sun Solaris 10, and OpenSolaris snv_88 through snv_102, does not properly free memory, which allows local users to cause a denial of service (panic) via unspecified vectors, related to the vmem_hash_delete function. El controlador crypto pseudo en Sun Solaris v10, y OpenSolaris snv_88 hasta snv_102, no libera memoria adecuadamente, lo cual permite a usuarios locales provocar una denegación de servicio (pánico) a través de vectores no especificados, relacionado con la función vmem_hash_delete. • http://secunia.com/advisories/34149 http://secunia.com/advisories/34455 http://securitytracker.com/id?1021810 http://sunsolve.sun.com/search/document.do?assetkey=1-21-139498-04-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-254088-1 http://support.avaya.com/elmodocs2/security/ASA-2009-097.htm http://www.securityfocus.com/bid/34000 http://www.vupen.com/english/advisories/2009/0606 http://www.vupen.com/english/advisories/2009/0815 https://exchange.xforce.ibmcloud& • CWE-399: Resource Management Errors •
CVE-2009-0480
https://notcve.org/view.php?id=CVE-2009-0480
The IP implementation in Sun Solaris 8 through 10, and OpenSolaris before snv_82, uses an improper arena when allocating minor numbers for sockets, which allows local users to cause a denial of service (32-bit application failure and login outage) by opening a large number of sockets. La implementación IP en Sun Solaris v8 a la v10 y OpenSolaris anterior a snv_82, emplea una arena inadecuada cuando al asignar números secundarios para sockets, lo que permite a usuarios locales provocar una denegación de servicio (fallo en la aplicación 32-bit o parada de login) mediante la apertura de un gran número de sockets. • http://mail.opensolaris.org/pipermail/onnv-notify/2008-January/013262.html http://secunia.com/advisories/33751 http://securitytracker.com/id?1021653 http://sunsolve.sun.com/search/document.do?assetkey=1-21-116965-34-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-248026-1 http://support.avaya.com/elmodocs2/security/ASA-2009-042.htm http://www.securityfocus.com/bid/33550 http://www.vupen.com/english/advisories/2009/0364 https://oval.cisecurity.org/repository/search/def • CWE-189: Numeric Errors •