Sun: >> Solaris >> 1.1.4 Security Vulnerabilities
Unknown vulnerability in the rwho daemon (rwhod) before 0.17, on little endian architectures, allows remote attackers to cause a denial of service (application crash).
CVSS Score
5.0
EPSS Score
0.008
Published
2004-02-16
The default installation of sadmind on Solaris uses weak authentication (AUTH_SYS), which allows local and remote attackers to spoof Solstice AdminSuite clients and gain root privileges via a certain sequence of RPC packets.
CVSS Score
10.0
EPSS Score
0.896
Published
2003-09-22
ns6install installation script for Netscape 6.01 on Solaris, and other versions including 6.2.1 beta, allows local users to overwrite arbitrary files via a symlink attack.
CVSS Score
2.1
EPSS Score
0.001
Published
2001-08-31
Buffer overflow in ufsrestore in Solaris 8 and earlier allows local users to gain root privileges via a long pathname.
CVSS Score
7.2
EPSS Score
0.003
Published
2000-06-14
The Red Hat Linux su program does not log failed password guesses if the su process is killed before it times out, which allows local attackers to conduct brute force password guessing.
CVSS Score
7.2
EPSS Score
0.001
Published
1999-06-09
rpc.admind in Solaris is not running in a secure mode.
CVSS Score
10.0
EPSS Score
0.005
Published
1999-01-01
Buffer overflow in Solaris kcms_configure command allows local users to gain root access.
CVSS Score
7.2
EPSS Score
0.002
Published
1998-12-01
Vacation program allows command execution by remote users through a sendmail command.
CVSS Score
7.5
EPSS Score
0.029
Published
1998-11-16
Buffer overflow in BNU UUCP daemon (uucpd) through long hostnames.
CVSS Score
4.6
EPSS Score
0.001
Published
1998-05-21
The NIS+ rpc.nisd server allows remote attackers to execute certain RPC calls without authentication to obtain system information, disable logging, or modify caches.
CVSS Score
7.5
EPSS Score
0.008
Published
1998-03-01