Sun: >> Solaris >> 10.0 Security Vulnerabilities
Buffer overflow in the format command in Solaris 8, 9, and 10 allows local users with access to format (such as the "File System Management" RBAC profile) to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2006-4307.
CVSS Score
7.2
EPSS Score
0.001
Published
2006-08-24
Race condition in (1) libnsl and (2) TLI/XTI API routines in Sun Solaris 10 allows remote attackers to cause a denial of service ("tight loop" and CPU consumption for listener applications) via unknown vectors related to TCP fusion (do_tcp_fusion).
CVSS Score
2.6
EPSS Score
0.007
Published
2006-08-23
Race condition in Sun Solaris 10 allows attackers to cause a denial of service (system panic) via unspecified vectors related to ifconfig and either netstat or SNMP queries.
CVSS Score
5.4
EPSS Score
0.008
Published
2006-08-14
The squeue_drain function in Sun Solaris 10, possibly only when run on CMT processors, allows remote attackers to cause a denial of service ("bad trap" and system panic) by opening and closing a large number of TCP connections ("heavy TCP/IP loads"). NOTE: the original report specifies the function name as "drain_squeue," but this is likely incorrect.
CVSS Score
5.4
EPSS Score
0.009
Published
2006-08-14
The crypto provider in Sun Solaris 10 3/05 HW2 without patch 121236-01, when running on Sun Fire T2000 platforms, incorrectly verifies a DSA signature, which might prevent applications from detecting that the data has been modified.
CVSS Score
5.0
EPSS Score
0.006
Published
2006-08-01
The TCP implementation in Sun Solaris 8, 9, and 10 before 20060726 allows remote attackers to cause a denial of service (resource exhaustion) via a TCP packet with an incorrect sequence number, which triggers an ACK storm.
CVSS Score
5.0
EPSS Score
0.02
Published
2006-07-28
systeminfo.c for Sun Solaris allows local users to read kernel memory via a 0 variable count argument to the sysinfo system call, which causes a -1 argument to be used by the copyout function. NOTE: this issue has been referred to as an integer overflow, but it is probably more like a signedness error or integer underflow.
CVSS Score
4.9
EPSS Score
0.003
Published
2006-07-25
The IPv4 implementation in Sun Solaris 10 before 20060721 allows local users to select routes that differ from the routing table, possibly facilitating firewall bypass or unauthorized network communication.
CVSS Score
2.1
EPSS Score
0.001
Published
2006-07-25
Unspecified vulnerability in Sun Solaris 10 allows context-dependent attackers to cause a denial of service (panic) via unspecified vectors involving the event port API.
CVSS Score
7.8
EPSS Score
0.01
Published
2006-07-24
Unspecified vulnerability in the kernel debugger (kmdb) in Sun Solaris 10, when running on x86, allows local users to cause a denial of service (system hang) via unspecified vectors.
CVSS Score
4.9
EPSS Score
0.001
Published
2006-07-24