Sun: >> Solaris >> 2.6 Security Vulnerabilities
The dynamic linker in Solaris allows a local user to create arbitrary files via the LD_PROFILE environmental variable and a symlink attack.
CVSS Score
4.6
EPSS Score
0.002
Published
1999-09-22
The ToolTalk ttsession daemon uses weak RPC authentication, which allows a remote attacker to execute commands.
CVSS Score
7.5
EPSS Score
0.073
Published
1999-09-13
The CDE dtspcd daemon allows local users to execute arbitrary commands via a symlink attack.
CVSS Score
7.2
EPSS Score
0.001
Published
1999-09-13
Buffer overflow in the AddSuLog function of the CDE dtaction utility allows local users to gain root privileges via a long user name.
CVSS Score
7.2
EPSS Score
0.004
Published
1999-09-13
Buffer overflow in Solaris libc, ufsrestore, and rcp via LC_MESSAGES environmental variable.
CVSS Score
7.2
EPSS Score
0.006
Published
1999-09-08
DHCP clients with ICMP Router Discovery Protocol (IRDP) enabled allow remote attackers to modify their default routes.
CVSS Score
7.5
EPSS Score
0.224
Published
1999-08-11
The BSD profil system call allows a local user to modify the internal data space of a program via profiling and execve.
CVSS Score
7.2
EPSS Score
0.001
Published
1999-08-09
sdtcm_convert in Solaris 2.6 allows a local user to overwrite sensitive files via a symlink attack.
CVSS Score
4.6
EPSS Score
0.001
Published
1999-08-09
Buffer overflow in CDE Calendar Manager Service Daemon (rpc.cmsd).
CVSS Score
10.0
EPSS Score
0.056
Published
1999-07-01
The Red Hat Linux su program does not log failed password guesses if the su process is killed before it times out, which allows local attackers to conduct brute force password guessing.
CVSS Score
7.2
EPSS Score
0.001
Published
1999-06-09