rpc.walld (wall daemon) for Solaris 2.6 through 9 allows local users to send messages to logged on users that appear to come from arbitrary user IDs by closing stderr before executing wall, then supplying a spoofed from header.
CVSS Score
2.1
EPSS Score
0.003
Published
2003-01-03
The dtscreen Sun Solaris 8 CDE screensaver crashes when the "Shift" and "Return" keys are pressed repeatedly and quickly, which allows local users to access the current session.
CVSS Score
4.6
EPSS Score
0.001
Published
2002-12-31
pkgadd in Sun Solaris 2.5.1 through 8 installs files setuid/setgid root if the pkgmap file contains a "?" (question mark) in the (1) mode, (2) owner, or (3) group fields, which allows attackers to elevate privileges.
CVSS Score
7.2
EPSS Score
0.001
Published
2002-12-31
Buffer overflow in Volume Manager daemon (vold) of Sun Solaris 2.5.1 through 8 allows local users to execute arbitrary code via unknown attack vectors.
CVSS Score
7.2
EPSS Score
0.001
Published
2002-12-31
Unknown vulnerability in Sun Solaris 8.0 allows local users to cause a denial of service (kernel panic) via a program that uses /dev/poll, triggering a NULL pointer dereference.
CVSS Score
7.2
EPSS Score
0.001
Published
2002-12-31
Unspecified vulnerability in the environmental monitoring subsystem in Solaris 8 running on Sun Fire 280R, V480 and V880 allows local users to cause a denial of service by setting volatile properties.
CVSS Score
4.9
EPSS Score
0.001
Published
2002-12-31
Directory traversal vulnerability in priocntl system call in Solaris does allows local users to execute arbitrary code via ".." sequences in the pc_clname field of a pcinfo_t structure, which cause priocntl to load a malicious kernel module.
CVSS Score
7.2
EPSS Score
0.0
Published
2002-12-23
Buffer overflow in Dispatch() routine for XFS font server (fs.auto) on Solaris 2.5.1 through 9 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a certain XFS query.
CVSS Score
7.5
EPSS Score
0.425
Published
2002-12-11
Safe.pm 2.0.7 and earlier, when used in Perl 5.8.0 and earlier, may allow attackers to break out of safe compartments in (1) Safe::reval or (2) Safe::rdo using a redefined @_ variable, which is not reset between successive calls.
CVSS Score
4.6
EPSS Score
0.001
Published
2002-12-11
The libthread library (libthread.so.1) for Solaris 2.5.1 through 8 allows local users to cause a denial of service (hang) of an application that uses libthread by causing the application to wait for a certain mutex.
CVSS Score
2.1
EPSS Score
0.001
Published
2002-12-04