The OVAL Repository5.102015-09-03T08:48:06.820-04:00Solaris Xorg Privilege Escalation via Pixmaps VulnerabilitySun Solaris 9Sun Solaris 10XMultiple integer overflows in XFree86 before 4.3.0 allow user-assisted attackers to execute arbitrary code via a crafted pixmap image.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDSolaris Xsun and Xprt Unspecified Local Privilege EscalationSun Solaris 7Sun Solaris 8Sun Solaris 9Sun Solaris 10XsunUnspecified vulnerability in the (1) Xsun and (2) Xprt commands in Solaris 7, 8, 9, and 10 allows local users to execute arbitrary code.Robert L. HollisDRAFTINTERIMACCEPTEDNabil OuchnINTERIMACCEPTEDACCEPTEDSecurity Vulnerabilities in the KSSL Kernel Module May Lead to a System PanicSun Solaris 10Multiple unspecified vulnerabilities in the KSSL kernel module in Sun Solaris 10, when configured with the KSSL proxy, allow remote attackers to cause a denial of service (kernel panic) via unspecified vectors related to "memory buffers" of Secure Socket Layer (SSL) records.Todd DolinskyDRAFTINTERIMACCEPTEDACCEPTEDSolaris 10 Systems May Panic or Hang When Running Certain DTrace D ProgramsSun Solaris 10Unspecified vulnerability in the dynamic tracing framework (DTrace) on Sun Solaris 10 before 20070730 allows local users with PRIV_DTRACE_USER privileges to cause a denial of service (panic or hang) via unspecified use of certain DTrace programs.Todd DolinskyDRAFTINTERIMACCEPTEDACCEPTEDBourne Shell Local-DoS VulnerabilitySun Solaris 8Sun Solaris 9Sun Solaris 10The Bourne shell (sh) in Solaris 8, 9, and 10 allows local users to cause a denial of service (sh crash) via an unspecified attack vector that causes sh processes to crash during creation of temporary files.Robert L. HollisDRAFTINTERIMACCEPTEDPai PengINTERIMACCEPTEDACCEPTEDMultiple Security Vulnerabilities in the Adobe Flash Player for Solaris May Lead to a Denial of Service (DoS) or Arbitrary Code Execution (Adobe Security Bulletin APSB09-19)Sun Solaris 10Heap-based buffer overflow in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allows remote attackers to execute arbitrary code via crafted dimensions of JPEG data in an SWF file.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDA Security Vulnerability in the TCP Loopback/Fusion Code May Lead to a System Hang Resulting in a Denial of Service (DoS)Sun Solaris 10Unspecified vulnerability in the TCP Loopback/Fusion implementation in Sun Solaris 10 allows local users to cause a denial of service (resource exhaustion and service hang) via unspecified vectors.Todd DolinskyDRAFTINTERIMACCEPTEDACCEPTEDMultiple Security Vulnerabilities in the Adobe Flash Player for Solaris May Lead to a Denial of Service (DoS) or Arbitrary Code Execution (Adobe Security Bulletin APSB09-19)Sun Solaris 10Multiple unspecified vulnerabilities in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allow attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerabilities in GNU tar (see gtar(1)) May Lead to Files Being Overwritten, Execution of Arbitrary Code, or a Denial of Service (DoS)Sun Solaris 9Sun Solaris 10Buffer overflow in the safer_name_suffix function in GNU tar has unspecified attack vectors and impact, resulting in a "crashing stack."Pai PengDRAFTINTERIMACCEPTEDACCEPTEDMultiple Buffer and Integer Overflow Vulnerabilities in Python (python(1)) May Lead to a Denial of Service (DoS) or Allow Execution of Arbitrary CodeSun Solaris 10Multiple integer overflows in the imageop module in Python 2.5.1 and earlier allow context-dependent attackers to cause a denial of service (application crash) and possibly obtain sensitive information (memory contents) via crafted arguments to (1) the tovideo method, and unspecified other vectors related to (2) imageop.c, (3) rbgimgmodule.c, and other files, which trigger heap-based buffer overflows.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerabilities in the Apache 2 "mod_perl2" Module Components "Status.pm" May Lead to Denial of Service (DoS) or Unauthorized Access to DataSun Solaris 10Cross-site scripting (XSS) vulnerability in Status.pm in Apache::Status and Apache2::Status in mod_perl1 and mod_perl2 for the Apache HTTP Server, when /perl-status is accessible, allows remote attackers to inject arbitrary web script or HTML via the URI.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDMultiple Buffer and Integer Overflow Vulnerabilities in Python (python(1)) May Lead to a Denial of Service (DoS) or Allow Execution of Arbitrary CodeSun Solaris 10Multiple integer overflows in Python 2.5.2 and earlier allow context-dependent attackers to have an unknown impact via vectors related to the (1) stringobject, (2) unicodeobject, (3) bufferobject, (4) longobject, (5) tupleobject, (6) stropmodule, (7) gcmodule, and (8) mmapmodule modules. NOTE: The expandtabs integer overflows in stringobject and unicodeobject in 2.5.2 are covered by CVE-2008-5031.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDA Security Vulnerability in Solaris Trusted Extensions due to Missing Libraries may Allow Privilege EscalationSun Solaris 10Trusted Extensions in Sun Solaris 10 allows local users to gain privileges via vectors related to omission of unspecified libraries from software updates.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDMultiple Security Vulnerabilities in the Adobe Flash Player for Solaris May Lead to a Denial of Service (DoS) or Arbitrary Code Execution (Adobe Security Bulletin APSB09-19)Sun Solaris 10Adobe Flash Player 10.x before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors that trigger memory corruption.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerabilities in the Apache 2 "mod_perl2" Module Components "PerlRun.pm" May Lead to Denial of Service (DoS) or Unauthorized Access to DataSun Solaris 10PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDA Security Vulnerability in lbxproxy(1) may Allow Unauthorized Read Access to FilesSun Solaris 8Sun Solaris 9Sun Solaris 10Unspecified vulnerability in Low Bandwidth X proxy (lbxproxy) on Sun Solaris 8 through 10 before 20070725 allows local users to read arbitrary files with root group ownership via unknown vectors.Todd DolinskyDRAFTINTERIMACCEPTEDACCEPTEDAn Integer Overflow Vulnerability in GIMP(1) May Lead to Denial of Service (DoS) or Execution of Arbitrary CodeSun Solaris 10Integer overflow in the ReadImage function in plug-ins/file-bmp/bmp-read.c in GIMP 2.6.7 might allow remote attackers to execute arbitrary code via a BMP file with crafted width and height values that trigger a heap-based buffer overflow.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerability in rm(1) may Lead to Unauthorized Deletion of Files or DirectoriesSun Solaris 8Sun Solaris 9Sun Solaris 10Race condition in recursive directory deletion with the (1) -r or (2) -R option in rm in Solaris 8 through 10 before 20070208 allows local users to delete files and directories as the user running rm by moving a low-level directory to a higher level as it is being deleted, which causes rm to chdir to a ".." directory that is higher than expected, possibly up to the root file system, a related issue to CVE-2002-0435.Todd DolinskyDRAFTINTERIMACCEPTEDACCEPTEDMultiple Buffer and Integer Overflow Vulnerabilities in Python (python(1)) May Lead to a Denial of Service (DoS) or Allow Execution of Arbitrary CodeSun Solaris 10Integer signedness error in the zlib extension module in Python 2.5.2 and earlier allows remote attackers to execute arbitrary code via a negative signed integer, which triggers insufficient memory allocation and a buffer overflow.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDMultiple Security Vulnerabilities in the Adobe Flash Player for Solaris May Lead to a Denial of Service (DoS) or Arbitrary Code Execution (Adobe Security Bulletin APSB09-19)Sun Solaris 10Integer overflow in the Verifier::parseExceptionHandlers function in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allows remote attackers to execute arbitrary code via an SWF file with a large exception_count value that triggers memory corruption, related to "generation of ActionScript exception handlers."Pai PengDRAFTINTERIMACCEPTEDACCEPTEDInteger Overflow Security Vulnerability in AES and RC4 Decryption in the Solaris Kerberos Crypto Library May Lead to Execution of Arbitrary Code or a Denial of Service (DoS)Sun Solaris 10Multiple integer underflows in the (1) AES and (2) RC4 decryption functionality in the crypto library in MIT Kerberos 5 (aka krb5) 1.3 through 1.6.3, and 1.7 before 1.7.1, allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code by providing ciphertext with a length that is too short to be valid.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDMultiple Security Vulnerabilities in the Solaris GNOME PDF Rendering Libraries May Lead to a Denial of Service (DoS) or Execution of Arbitrary CodeSun Solaris 10Integer overflow in the ImageStream::ImageStream function in Stream.cc in Xpdf before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, and CUPS pdftops, allows remote attackers to cause a denial of service (application crash) via a crafted PDF document that triggers a NULL pointer dereference or buffer over-read.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerability in the Transport Layer Security (TLS) and Secure Sockets Layer 3.0 (SSLv3) Protocols Involving Handshake Renegotiation Affects Applications Utilizing Network Security Services (NSS)Sun Solaris 8Sun Solaris 9Sun Solaris 10The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDMultiple Security Vulnerabilities in the Adobe Flash Player for Solaris May Lead to a Denial of Service (DoS) or Arbitrary Code Execution (Adobe Security Bulletin APSB09-19)Sun Solaris 10Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors that trigger memory corruption.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDMultiple Security Vulnerabilities in the Solaris GNOME PDF Rendering Libraries May Lead to a Denial of Service (DoS) or Execution of Arbitrary CodeSun Solaris 10Integer overflow in the PSOutputDev::doImageL1Sep function in Xpdf before 3.02pl4, and Poppler 0.x, as used in kdegraphics KPDF, might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDMultiple Buffer and Integer Overflow Vulnerabilities in Python (python(1)) May Lead to a Denial of Service (DoS) or Allow Execution of Arbitrary CodeSun Solaris 10Multiple integer overflows in imageop.c in Python before 2.5.3 allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted images that trigger heap-based buffer overflows. NOTE: this issue is due to an incomplete fix for CVE-2007-4965.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerabilities in GNU tar (see gtar(1)) May Lead to Files Being Overwritten, Execution of Arbitrary Code, or a Denial of Service (DoS)Sun Solaris 9Sun Solaris 10Directory traversal vulnerability in the contains_dot_dot function in src/names.c in GNU tar allows user-assisted remote attackers to overwrite arbitrary files via certain //.. (slash slash dot dot) sequences in directory symlinks in a TAR archive.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDMultiple Security Vulnerabilities in the Adobe Flash Player for Solaris May Lead to a Denial of Service (DoS) or Arbitrary Code Execution (Adobe Security Bulletin APSB09-19)Sun Solaris 10Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors, related to a "data injection vulnerability."Pai PengDRAFTINTERIMACCEPTEDACCEPTEDMultiple Security Vulnerabilities in the Solaris GNOME PDF Rendering Libraries May Lead to a Denial of Service (DoS) or Execution of Arbitrary CodeSun Solaris 10Multiple integer overflows in Poppler 0.10.5 and earlier allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF file, related to (1) glib/poppler-page.cc; (2) ArthurOutputDev.cc, (3) CairoOutputDev.cc, (4) GfxState.cc, (5) JBIG2Stream.cc, (6) PSOutputDev.cc, and (7) SplashOutputDev.cc in poppler/; and (8) SplashBitmap.cc, (9) Splash.cc, and (10) SplashFTFont.cc in splash/. NOTE: this may overlap CVE-2009-0791.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDGNU GZip CHMod File Permission Modification Race ConditionWeaknessSun Solaris 8Sun Solaris 9Sun Solaris 10gzipRace condition in gzip 1.2.4, 1.3.3, and earlier, when decompressing a gzipped file, allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by gzip after the decompression is complete.Robert L. HollisDRAFTINTERIMACCEPTEDNabil OuchnINTERIMACCEPTEDPai PengINTERIMACCEPTEDACCEPTEDSolaris and OpenSolaris products kernel component vulnerabilitySun Solaris 10Unspecified vulnerability in the Solaris component in Oracle Sun Product Suite 10 and OpenSolaris snv_01 through snv_98 allows local users to affect availability via unknown vectors related to the Kernel.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDSun Java System Access Manager Local Authentication Bypass VulnerabilitySun Solaris 10Sun Solaris 9Access ManagerUnspecified vulnerability in Sun Java System Access Manager 7.0 allows local users logged in as "root" to bypass authentication and gain top-level administrator privileges via the amadmin CLI tool.Robert L. HollisDRAFTINTERIMACCEPTEDNabil OuchnINTERIMACCEPTEDACCEPTEDSecurity Vulnerability in BIND DNS Software Shipped With Solaris May Allow DNS Cache PoisoningSun Solaris 9Sun Solaris 10Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P4, 9.5 before 9.5.2-P1, 9.6 before 9.6.1-P2, and 9.7 beta before 9.7.0b3, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query and sending a response that contains an Additional section with crafted data, which is not properly handled when the response is processed "at the same time as requesting DNSSEC records (DO)," aka Bug 20438.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDA vulnerability in the way named(1M) handles recursive client queries may allow a remote unprivileged user to cause named(1M) to return NXDOMAIN (Non-Existent Domain) for Internet hosts thus causing a Denial of Service (DoS) for those hosts to end usersSun Solaris 9Sun Solaris 10ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta does not properly validate DNSSEC (1) NSEC and (2) NSEC3 records, which allows remote attackers to add the Authenticated Data (AD) flag to a forged NXDOMAIN response for an existing domain.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDMIT Kerberos 5 Key Distribution Center Remote Denial of Service VulnerabilitySun Solaris 7Sun Solaris 8Sun Solaris 9Sun Solaris 10KerberosHeap-based buffer overflow in the Key Distribution Center (KDC) in MIT Kerberos 5 (krb5) 1.4.1 and earlier allows remote attackers to cause a denial of service (apllication crash) and possibly execute arbitrary code via a certain valid TCP or UDP request.Robert L. HollisDRAFTINTERIMACCEPTEDNabil OuchnINTERIMACCEPTEDACCEPTEDSun Management Center Product VulnerabilitySun Solaris 10Unspecified vulnerability in the Sun Management Center component in Oracle Sun Product Suite 3.6.1 and 4.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Solaris Container Manager.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDSolaris and OpenSolaris products Trusted Extensions component vulnerabilitySun Solaris 10Unspecified vulnerability in the Solaris component in Oracle Sun Product Suite 10 and OpenSolaris snv_134 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Trusted Extensions.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDSolaris Privilege Escalation/DoS Vulnerability (6293270)Sun Solaris 9Sun Solaris 10Unspecified vulnerability in Sun Solaris 9 and 10 for the x86 platform allows local users to gain privileges or cause a denial of service (panic) via unspecified vectors, possibly involving functions from the mm driver.Robert L. HollisDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDSolaris and OpenSolaris Products /dev/ucode Component VulnerabilitySun Solaris 10The ucode_ioctl function in intel/io/ucode_drv.c in Sun Solaris 10 and OpenSolaris snv_69 through snv_133, when running on x86 architectures, allows local users to cause a denial of service (panic) via a request with a 0 size value to the UCODE_GET_VERSION IOCTL, which triggers a NULL pointer dereference in the ucode_get_rev function, related to retrieval of the microcode revision.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerability in Solaris Trusted Extensions may Prevent XScreenSaver (xscreensaver(1)) From RunningSun Solaris 10Trusted Extensions in Sun Solaris 10 interferes with the operation of the xscreensaver-demo command for the XScreenSaver application, which makes it easier for physically proximate attackers to access an unattended workstation for which the intended screen locking did not occur, related to the "restart daemon."Pai PengDRAFTINTERIMACCEPTEDACCEPTEDA Regression in the Solaris 10 Gnome-XScreenSaver (see xscreensaver(1)) may Allow Pop-up Windows to Appear through XScreenSaver when the Accessibility Feature is OnSun Solaris 10XScreenSaver in Sun Solaris 10, when the accessibility feature is enabled, allows physically proximate attackers to obtain sensitive information by reading popup windows, which are displayed even when the screen is locked, a different vulnerability than CVE-2009-1276 and CVE-2009-2711.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDlpsched Local System Corruption VulnerabilitySun Solaris 8Sun Solaris 9Sun Solaris 10Multiple unspecified vulnerabilities in lpsched in Sun Solaris 8, 9, and 10 allow local users to delete arbitrary files or disable the LP print service via unknown attack vectors.Robert L. HollisDRAFTINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDA security vulnerability in Solaris Sockets Direct Protocol (SDP) driver (sdp(7D)) may allow a local or remote unprivileged user to exhaust all kernel memorySun Solaris 10Memory leak in the Sockets Direct Protocol (SDP) driver in Sun Solaris 10, and OpenSolaris snv_57 through snv_94, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDA Security Weakness in Solaris Trusted Extensions May Facilitate Privilege EscalationSun Solaris 10Unspecified vulnerability in the Solaris Trusted Extensions Policy configuration in Sun Solaris 10, and OpenSolaris snv_37 through snv_125, might allow remote attackers to execute arbitrary code by leveraging access to the X server.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerability in Solaris pollwakeup(9F) May Allow an Unprivileged User to Panic the SystemSun Solaris 10Unspecified vulnerability in the pollwakeup function in Sun Solaris 10, and OpenSolaris before snv_51, allows local users to cause a denial of service (panic) via unknown vectors.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDA Security Vulnerability in the Solaris IP Filter (ipf(5)) May Lead to a Denial of Service (DoS) ConditionSun Solaris 10Use-after-free vulnerability in the frpr_icmp function in the ipfilter (aka IP Filter) subsystem in Sun Solaris 10, and OpenSolaris snv_45 through snv_110, allows remote attackers to cause a denial of service (panic) via unspecified vectors.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerability in the SNMP daemon (snmpd(1M)) May Lead to a Denial of Service (DoS) ConditionSun Solaris 10Integer overflow in the netsnmp_create_subtree_cache function in agent/snmp_agent.c in net-snmp 5.4 before 5.4.2.1, 5.3 before 5.3.2.3, and 5.2 before 5.2.5.1 allows remote attackers to cause a denial of service (crash) via a crafted SNMP GETBULK request, which triggers a heap-based buffer overflow, related to the number of responses or repeats.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDA Security Vulnerability in the Solaris SCTP Packet Processing may Lead to a System Panic Resulting in a Denial of Service (DoS)Sun Solaris 10Unspecified vulnerability in the SCTP implementation in Sun Solaris 10, and OpenSolaris before snv_120, allows remote attackers to cause a denial of service (panic) via unspecified packets.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDA Security Vulnerability in the Solaris rpc.nisd(1M) Daemon may Cause a Denial of Service (DoS) Condition to a NIS+ ServerSun Solaris 8Sun Solaris 9Sun Solaris 10Unspecified vulnerability in rpc.nisd in Sun Solaris 8 through 10, and OpenSolaris before snv_104, allows remote authenticated users to cause a denial of service (NIS+ daemon hang) via unspecified vectors related to NIS+ callbacks.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerability in PostgreSQL Shipped with Solaris may Allow a Denial of Service (DoS)Sun Solaris 10PostgreSQL before 8.3.7, 8.2.13, 8.1.17, 8.0.21, and 7.4.25 allows remote authenticated users to cause a denial of service (stack consumption and crash) by triggering a failure in the conversion of a localized error message to a client-specified encoding, as demonstrated using mismatched encoding conversion requests.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerabilities in the libxml2 Library Routines xmlBufferResize() May Lead to Denial of Service (DoS)Sun Solaris 9Sun Solaris 10Integer overflow in the xmlBufferResize function in libxml2 2.7.2 allows context-dependent attackers to cause a denial of service (infinite loop) via a large XML document.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDSolaris 8, 9, 10 Blind Connection Reset Attack VulnerabilitySun Solaris 8Sun Solaris 9Sun Solaris 10Multiple TCP/IP and ICMP implementations allow remote attackers to cause a denial of service (reset TCP connections) via spoofed ICMP error messages, aka the "blind connection-reset attack." NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities.Robert L. HollisDRAFTINTERIMACCEPTEDNabil OuchnINTERIMMatthew WojcikACCEPTEDPai PengINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDSecurity Vulnerabilities in the libxml2 Library Routines xmlSAX2Characters() May Lead to Arbitrary Code Execution or Denial of Service (DoS)Sun Solaris 9Sun Solaris 10Integer overflow in the xmlSAX2Characters function in libxml2 2.7.2 allows context-dependent attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a large XML document.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerability in the Solaris keysock Kernel Module may Lead to a System PanicSun Solaris 10Unspecified vulnerability in the keysock kernel module in Solaris 10 and OpenSolaris builds snv_01 through snv_108 allows local users to cause a denial of service (system panic) via unknown vectors related to PF_KEY socket, probably related to setting socket options.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDA Security Vulnerability in the Solaris dircmp(1) Shell Script may Allow Overwriting of Arbitrary FilesSun Solaris 8Sun Solaris 9Sun Solaris 10Race condition in the dircmp script in Sun Solaris 8 through 10, and OpenSolaris snv_01 through snv_111, allows local users to overwrite arbitrary files, probably involving a symlink attack on temporary files.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerabilities in the Solaris lpadmin(1M) and ppdmgr(1M) Utilities May Lead to a Denial of Service (DoS) ConditionSun Solaris 10Unspecified vulnerability in lpadmin in Sun Solaris 10 and OpenSolaris snv_61 through snv_106 allows local users to cause a denial of service via unspecified vectors, related to enumeration of "wrong printers," aka a "Temporary file vulnerability."Pai PengDRAFTINTERIMACCEPTEDACCEPTEDA Security Vulnerability in Kerberos Incremental Propagation May Lead to a Denial of Service (DoS) Against Slave KDC SystemsSun Solaris 10Unspecified vulnerability in Kerberos Incremental Propagation in Solaris 10 and OpenSolaris snv_01 through snv_110 allows remote attackers to cause a denial of service (loss of incremental propagation requests to slave KDC servers) via unknown vectors related to the master Key Distribution Center (KDC) server.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDRace Condition Security Vulnerability in Solaris Auditing Related to Extended File Attributes May Allow Local Unprivileged Users to Panic the SystemSun Solaris 9Sun Solaris 10Race condition in the Solaris Auditing subsystem in Sun Solaris 9 and 10 and OpenSolaris before snv_121, when extended file attributes are used, allows local users to cause a denial of service (panic) via vectors related to "pathnames for invalid fds."Pai PengDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerability in the Solaris Kernel Involving the Interaction of the Filesystem and Virtual Memory SubsystemsSun Solaris 8Sun Solaris 9Sun Solaris 10The kernel in Sun Solaris 8, 9, and 10, and OpenSolaris before snv_103, does not properly handle interaction between the filesystem and virtual-memory implementations, which allows local users to cause a denial of service (deadlock and system halt) via vectors involving mmap and write operations on the same file.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerability in the Simple Authentication and Security Layer (SASL) Library Bundled with the Java Enterprise System (JES) may Allow Unprivileged Users to Crash Applications Using the sasl_encode64 FunctionSun Solaris 8Sun Solaris 9Sun Solaris 10Multiple buffer overflows in the CMU Cyrus SASL library before 2.1.23 might allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via strings that are used as input to the sasl_encode64 function in lib/saslutil.c.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerability with IKE Packet Handling in Solaris libike Library may Lead to a Crash of in.iked(1M)Sun Solaris 9Sun Solaris 10libike in Sun Solaris 9 and 10, and OpenSolaris before snv_100, does not properly check packets, which allows remote attackers to cause a denial of service (in.iked daemon crash) via an unspecified IKE packet, a different vulnerability than CVE-2007-2989.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDA Security Vulnerability in the Solaris ip(7P) Kernel Module's IP-in-IP Packet Processing May Lead to a Denial of Service (DoS)Sun Solaris 9Sun Solaris 10The IP-in-IP packet processing implementation in the IPsec and IP stacks in the kernel in Sun Solaris 9 and 10, and OpenSolaris snv_01 though snv_85, allows local users to cause a denial of service (panic) via a self-encapsulated packet that lacks IPsec protection.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerability in Solaris SSH May Allow Unauthorized Access to X11 SessionsSun Solaris 9Sun Solaris 10OpenSSH 4.3p2, and probably other versions, allows local users to hijack forwarded X connections by causing ssh to set DISPLAY to :10, even when another process is listening on the associated port, as demonstrated by opening TCP port 6010 (IPv4) and sniffing a cookie sent by Emacs.Nicholas HansenDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerability in the Solaris Pseudo-terminal Driver (pty(7D)) may Cause a System PanicSun Solaris 8Sun Solaris 9Sun Solaris 10Race condition in the pseudo-terminal (aka pty) driver module in Sun Solaris 8 through 10, and OpenSolaris before snv_103, allows local users to cause a denial of service (panic) via unspecified vectors related to lack of "properly sequenced code" in ptc and ptsl.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerability in the Solaris IP(7p) Implementation, Related to Minor Number Allocation, may Lead to a Denial of Service (DoS) ConditionSun Solaris 8Sun Solaris 9Sun Solaris 10The IP implementation in Sun Solaris 8 through 10, and OpenSolaris before snv_82, uses an improper arena when allocating minor numbers for sockets, which allows local users to cause a denial of service (32-bit application failure and login outage) by opening a large number of sockets.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDSecurity vulnerability in the Virtual Host Manager in Tomcat 5.5 bundled with Solaris 9 and Solaris 10 may lead to Cross Site Scripting (XSS).Sun Solaris 9Sun Solaris 10Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerability in the X Inter Client Exchange Library (libICE) Shipped With Solaris May Allow a Denial of Service (DoS)Sun Solaris 8Sun Solaris 9Sun Solaris 10Unspecified vulnerability in the X Inter Client Exchange library (aka libICE) in Sun Solaris 8 through 10 and OpenSolaris before snv_85 allows context-dependent attackers to cause a denial of service (application crash), as demonstrated by a port scan that triggers a segmentation violation in the Gnome session manager (aka gnome-session).Michael WoodDRAFTINTERIMACCEPTEDACCEPTEDSecurity vulnerability in the HttpServletResponse.sendError method in Tomcat 5.5 bundled with Solaris 9 and Solaris 10 may lead to Cross Site Scripting (XSS).Sun Solaris 9Sun Solaris 10Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerability in GNU tar May Lead to Arbitrary Code Execution or Denial of Service (DoS)Sun Solaris 10Buffer overflow in tar 1.14 through 1.15.90 allows user-assisted attackers to cause a denial of service (application crash) and possibly execute code via unspecified vectors involving PAX extended headers.Michael WoodDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerability in the Solaris "autofs" Kernel Module may Allow a Local Unprivileged User to Execute Arbitrary CodeSun Solaris 8Sun Solaris 9Sun Solaris 10Unspecified vulnerability in the autofs module in the kernel in Sun Solaris 8 through 10, and OpenSolaris before snv_108, allows local users to cause a denial of service (autofs mount outage) or possibly gain privileges via vectors related to "xdr processing problems."Pai PengDRAFTINTERIMACCEPTEDACCEPTEDSUNRAS Plugin of Gimp VulnerabilitySun Solaris 9Sun Solaris 10Stack-based buffer overflow in the set_color_table function in sunras.c in the SUNRAS plugin in Gimp 2.2.14 allows user-assisted remote attackers to execute arbitrary code via a crafted RAS file.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerability in Solaris IP Tunnel Parameter Processing May Lead to a System Panic or Possible Execution of Arbitrary Code by Unprivileged UsersSun Solaris 10tun in IP Tunnel in Solaris 10 and OpenSolaris snv_01 through snv_76 allows local users to cause a denial of service (panic) and possibly execute arbitrary code via a crafted SIOCGTUNPARAM IOCTL request, which triggers a NULL pointer dereference.Michael WoodDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerability in the DNS Protocol May Lead to DNS Cache PoisoningSun Solaris 8Sun Solaris 9Sun Solaris 10The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote attackers to spoof DNS traffic via a birthday attack that uses in-bailiwick referrals to conduct cache poisoning against recursive resolvers, related to insufficient randomness of DNS transaction IDs and source ports, aka "DNS Insufficient Socket Entropy Vulnerability" or "the Kaminsky bug."Pai PengDRAFTINTERIMACCEPTEDACCEPTEDA Security Vulnerability in the OpenSSL PKCS#11 Engine May Result in Denial of Service (DoS) Due to a Corrupted Session CacheSun Solaris 10The PK11_SESSION cache in the OpenSSL PKCS#11 engine in Sun Solaris 10 does not maintain reference counts for operations with asymmetric keys, which allows context-dependent attackers to cause a denial of service (failed cryptographic operations) via unspecified vectors, related to the (1) RSA_sign and (2) RSA_verify functions.Michael WoodDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerability in GIMP(1) May Lead to Denial of Service (DoS) or Execution of Arbitrary CodeSun Solaris 10Buffer overflow in the xcf_load_vector function in app/xcf/xcf-load.c for gimp before 2.2.12 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via an XCF file with a large num_axes value in the VECTORS property.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDTwo Race Condition Vulnerabilities in the Solaris Event Port API May Allow Local Users to Panic the System, Causing a Denial of Service (DoS)Sun Solaris 10Multiple race conditions in the Solaris Event Port API in Sun Solaris 10 and OpenSolaris before snv_107 allow local users to cause a denial of service (panic) via unspecified vectors related to a race between the port_dissociate and close functions.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDManipulated Tag Files used with Solaris Text Editors May Lead to Execution of Arbitrary CodeSun Solaris 8Sun Solaris 9Sun Solaris 10Multiple unspecified vulnerabilities in Sun Solaris 8 through 10 allow local users to gain privileges via vectors related to handling of tags with (1) the -t option and (2) the :tag command in the (a) vi, (b) ex, (c) vedit, (d) view, and (e) edit programs.Todd DolinskyDRAFTINTERIMACCEPTEDACCEPTEDSecurity vulnerability in the RequestDispatcher class in Tomcat 5.5 bundled with Solaris 9 and Solaris 10 may lead to Directory Traversal.Sun Solaris 9Sun Solaris 10Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDA Security Vulnerability May Allow Popup Windows to Appear Through the Solaris XScreenSaver Program on Xorg(1) ServersSun Solaris 8Sun Solaris 9Sun Solaris 10XScreenSaver in Sun Solaris 9 and 10, OpenSolaris before snv_120, and X11 6.4.1 for Solaris 8, when the Xorg or Xnewt server is used, allows physically proximate attackers to obtain sensitive information by reading popup windows, which are displayed even when the screen is locked, a different vulnerability than CVE-2009-1276.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerabilities in DHCP Handling of DHCP Requests May Allow Remote Users to Execute Arbitrary Code or Cause a Denial of the DHCP ServiceSun Solaris 8Sun Solaris 9Sun Solaris 10Stack-based buffer overflow in the cons_options function in options.c in dhcpd in OpenBSD 4.0 through 4.2, and some other dhcpd implementations based on ISC dhcp-2, allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a DHCP request specifying a maximum message size smaller than the minimum IP MTU.Michael WoodDRAFTINTERIMACCEPTEDACCEPTEDPCX Plugin of Gimp VulnerabilitySun Solaris 9Sun Solaris 10Buffer overflow in the kimgio library for KDE 3.4.0 allows remote attackers to execute arbitrary code via a crafted PCX image file.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDA Security Vulnerability in the Management of Solaris Kerberos (see kerberos(5)) may Lead to a User Denial of Service (DoS) AttackSun Solaris 8Sun Solaris 9Sun Solaris 10The Kerberos credential renewal feature in Sun Solaris 8, 9, and 10, and OpenSolaris build snv_01 through snv_104, allows local users to cause a denial of service (authentication failure) via unspecified vectors related to incorrect cache file permissions, and lack of credential storage by the store_cred function in pam_krb5.Michael WoodDRAFTINTERIMACCEPTEDACCEPTEDPSD Plugin of Gimp vulnerabilitySun Solaris 9Sun Solaris 10Integer overflow in the seek_to_and_unpack_pixeldata function in the psd.c plugin in Gimp 2.2.15 allows remote attackers to execute arbitrary code via a crafted PSD file that contains a large (1) width or (2) height value.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDVulnerability in the Solaris 10 Event Port Implementation May Lead to a System Panic, Resulting in a Denial of Service (DoS)Sun Solaris 10Unspecified vulnerability in the event port implementation in Sun Solaris 10 allows local users to cause a denial of service (panic) by submitting and retrieving user-defined events, probably related to a NULL dereference.Todd DolinskyDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerability in Solaris snoop(1M) when Displaying SMB TrafficSun Solaris 8Sun Solaris 9Sun Solaris 10Multiple format string vulnerabilities in snoop on Sun Solaris 8 through 10 and OpenSolaris before snv_96, when the -o option is omitted, allow remote attackers to execute arbitrary code via format string specifiers in an SMB packet.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDA Security Vulnerability in the Solaris Kerberos PAM Module May Allow Use of a User Specified Kerberos Configuration File, Leading to Escalation of PrivilegesSun Solaris 8Sun Solaris 9Sun Solaris 10Russ Allbery pam-krb5 before 3.13, when linked against MIT Kerberos, does not properly initialize the Kerberos libraries for setuid use, which allows local users to gain privileges by pointing an environment variable to a modified Kerberos configuration file, and then launching a PAM-based setuid application.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDA Security Vulnerability in IP Multicast Filter processing of Sockets may lead to a system panic or possible execution of Arbitrary CodeSun Solaris 10Integer signedness error in the ip_set_srcfilter function in the IP Multicast Filter in uts/common/inet/ip/ip_multi.c in the kernel in Sun Solaris 10 and OpenSolaris before snv_92 allows local users to execute arbitrary code in other Solaris Zones via an SIOCSIPMSFILTER IOCTL request with a large value of the imsf->imsf_numsrc field, which triggers an out-of-bounds write of kernel memory. NOTE: this was reported as an integer overflow, but the root cause involves the bypass of a signed comparison.Todd DolinskyDRAFTINTERIMACCEPTEDACCEPTEDThe Solaris rpc.metad(1M) Daemon is Vulnerable to a Denial of Service (DoS) AttackSun Solaris 9Sun Solaris 10rpc.metad in Sun Solaris 10 allows remote attackers to cause a denial of service (daemon crash) via a malformed RPC request.Michael WoodDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerability in the Solaris sendfile(3EXT) and sendfilev(3EXT) Extended Library Functions may Result in a Denial of Service (DoS) Condition due to a System PanicSun Solaris 8Sun Solaris 9Sun Solaris 10The (1) sendfile and (2) sendfilev functions in Sun Solaris 8 through 10, and OpenSolaris before snv_110, allow local users to cause a denial of service (panic) via vectors related to vnode function calls.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerabilities in DHCP Handling of DHCP Requests May Allow Remote Users to Execute Arbitrary Code or Cause a Denial of the DHCP ServiceSun Solaris 8Sun Solaris 9Sun Solaris 10in.dhcpd in the DHCP implementation in Sun Solaris 8 through 10, and OpenSolaris before snv_103, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via unknown DHCP requests related to the "number of offers," aka Bug ID 6713805.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDA Security Vulnerability With the Solaris Crypto Driver May Cause a System PanicSun Solaris 10The crypto pseudo device driver in Sun Solaris 10, and OpenSolaris snv_88 through snv_102, does not properly free memory, which allows local users to cause a denial of service (panic) via unspecified vectors, related to the vmem_hash_delete function.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerability in the ACL (acl(2)) Implementation for UFS File Systems May Allow a Local User to Panic the SystemSun Solaris 8Sun Solaris 9Sun Solaris 10Unspecified vulnerability in the UFS module in Sun Solaris 8 through 10 and OpenSolaris allows local users to cause a denial of service (NULL pointer dereference and kernel panic) via unknown vectors related to the Solaris Access Control List (ACL) implementation.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDA Security Vulnerability in the namefs Kernel module may result in Arbitrary Code Execution or a Denial of Service (DoS)Sun Solaris 8Sun Solaris 9Sun Solaris 10Unspecified vulnerability in the namefs kernel module in Sun Solaris 8 through 10 allows local users to gain privileges or cause a denial of service (panic) via unspecified vectors.Nicholas HansenDRAFTINTERIMACCEPTEDACCEPTEDUnspecified vulnerability in the NFSv4 module in the kernel in Sun Solaris 10."Sun Solaris 10Unspecified vulnerability in the NFSv4 module in the kernel in Sun Solaris 10, and OpenSolaris snv_102 through snv_119, allows local users to cause a denial of service (client panic) via vectors involving "file operations."Aharon CherninDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerability in Simplified Chinese, Traditional Chinese, Korean, and Thai Language Input MethodsSun Solaris 10The (1) Simplified Chinese, (2) Traditional Chinese, (3) Korean, and (4) Thai language input methods in Sun Solaris 10 create files and directories with weak permissions under (a) .iiim/le and (b) .Xlocale in home directories, which might allow local users to write to, or read from, the home directories of other users.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerability in FreeType 2 Font Engine May Allow Privilege Escalation Due to Heap OverflowSun Solaris 8Sun Solaris 9Sun Solaris 10Integer signedness error in truetype/ttgload.c in Freetype 2.3.4 and earlier might allow remote attackers to execute arbitrary code via a crafted TTF image with a negative n_points value, which leads to an integer overflow and heap-based buffer overflow.Nicholas HansenDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerability May Allow Firewall Compromise or Creation of Denial of Service (DoS) ConditionSun Solaris 8Sun Solaris 9Sun Solaris 10Unspecified vulnerability in the Internet Protocol (IP) implementation in Sun Solaris 8, 9, and 10 allows remote attackers to bypass intended firewall policies or cause a denial of service (panic) via unknown vectors, possibly related to ICMP packets and IP fragment reassembly.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDMultiple Security Vulnerabilities in ICU 3.2 Library Regular Expression Processing May Cause a Denial of Service (DoS)Sun Solaris 9Sun Solaris 10libicu in International Components for Unicode (ICU) 3.8.1 and earlier attempts to process backreferences to the nonexistent capture group zero (aka \0), which might allow context-dependent attackers to read from, or write to, out-of-bounds memory locations, related to corruption of REStackFrames.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerabilities in the Solaris lpadmin(1M) and ppdmgr(1M) Utilities May Lead to a Denial of Service (DoS) ConditionSun Solaris 10Unspecified vulnerability in ppdmgr in Sun Solaris 10 and OpenSolaris snv_61 through snv_106 allows local users to cause a denial of service via unspecified vectors, related to a failure to "include all cache files," and improper handling of temporary files.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDTwo Security Vulnerabilities Exist Within the cpc(3CPC) Sub-System of the Solaris KernelSun Solaris 10Multiple race conditions in the CPU Performance Counters (cpc) subsystem in the kernel in Sun Solaris 10 allow local users to cause a denial of service (panic) via unspecified vectors related to kcpc_unbind and kcpc_restore.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDA Security Vulnerability in the USB Mouse STREAMS Module May Lead to a System PanicSun Solaris 9Sun Solaris 10Unspecified vulnerability in the USB Mouse STREAMS module (usbms) in Sun Solaris 9 and 10, when 64-bit mode is enabled, allows local users to cause a denial of service (panic) via unspecified vectors.Pai PengDRAFTINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDCovert Channel Security Vulnerability in the Solaris KernelSun Solaris 8Sun Solaris 9Sun Solaris 10The kernel in Sun Solaris 8 through 10 and OpenSolaris before snv_90 allows local users to bypass chroot, zones, and the Solaris Trusted Extensions multi-level security policy, and establish a covert communication channel, via unspecified vectors involving system calls.Nicholas HansenDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerability in the Solaris 10 DTrace Dynamic Tracing Framework May Allow Unauthorized Kernel Level TracingSun Solaris 10Unspecified vulnerability in the dynamic tracing framework (DTrace) in Sun Solaris 10 allows local users with PRIV_DTRACE_USER or PRIV_DTRACE_PROC privileges to obtain sensitive kernel information via unspecified vectors, a different vulnerability than CVE-2007-4126.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerabilities in the Solaris Priority Inherited pthread mutex API May Result in a Denial of Service (DoS) ConditionSun Solaris 10Unspecified vulnerability in the pthread_mutex_reltimedlock_np API in Sun Solaris 10 and OpenSolaris before snv_90 allows local users to cause a denial of service (system hang or panic) via unknown vectors.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDMultiple Security Vulnerabilities in ICU 3.2 Library Regular Expression Processing May Cause a Denial of Service (DoS)Sun Solaris 9Sun Solaris 10Heap-based buffer overflow in the doInterval function in regexcmp.cpp in libicu in International Components for Unicode (ICU) 3.8.1 and earlier allows context-dependent attackers to cause a denial of service (memory consumption) and possibly have unspecified other impact via a regular expression that writes a large amount of data to the backtracking stack. NOTE: some of these details are obtained from third party information.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDA Security Vulnerability in the Solaris Kerberos PAM Module May Allow Use of a User Specified Kerberos Configuration File, Leading to Escalation of PrivilegesSun Solaris 8Sun Solaris 9Sun Solaris 10Russ Allbery pam-krb5 before 3.13, as used by libpam-heimdal, su in Solaris 10, and other software, does not properly handle calls to pam_setcred when running setuid, which allows local users to overwrite and change the ownership of arbitrary files by setting the KRB5CCNAME environment variable, and then launching a setuid application that performs certain pam_setcred operations.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerability in Solaris 10 Related to the dotoprocs() RoutineSun Solaris 10Unspecified vulnerability in the dotoprocs function in Sun Solaris 10 allows local users to cause a denial of service (panic) via unspecified vectors.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerability in the Solaris X Server May Lead to Unauthorized Disclosure of Information on Access Restricted Files and DirectoriesSun Solaris 8Sun Solaris 9Sun Solaris 10X.Org Xserver before 1.4.1 allows local users to determine the existence of arbitrary files via a filename argument in the -sp option to the X program, which produces different error messages depending on whether the filename exists.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerability in inetd(1M) Daemon When Debug Logging is EnabledSun Solaris 10inetd on Sun Solaris 10, when debug logging is enabled, allows local users to write to arbitrary files via a symlink attack on the /var/tmp/inetd.log temporary file.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerability in the Solaris 10 STREAMS Administrative Driver ("sad") May Allow a Denial of Service (System panic)Sun Solaris 10Race condition in the STREAMS Administrative Driver (sad) in Sun Solaris 10 allows local users to cause a denial of service (panic) via unknown vectors.Nicholas HansenDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerability in Solaris 10 OpenSSL SSL_get_shared_ciphers() FunctionSun Solaris 10Off-by-one error in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 up to 0.9.7l, and 0.9.8 up to 0.9.8f, might allow remote attackers to execute arbitrary code via a crafted packet that triggers a one-byte buffer underflow. NOTE: this issue was introduced as a result of a fix for CVE-2006-3738. As of 20071012, it is unknown whether code execution is possible.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerability in Solaris snoop(1M) when Displaying SMB TrafficSun Solaris 8Sun Solaris 9Sun Solaris 10Multiple stack-based buffer overflows in snoop on Sun Solaris 8 through 10 and OpenSolaris before snv_96, when the -o option is omitted, allow remote attackers to execute arbitrary code via a crafted SMB packet.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerabilities in Solaris Print Service May Lead to Denial of Service (DoS) or Execution of Arbitrary CodeSun Solaris 8Sun Solaris 9Sun Solaris 10Multiple unspecified vulnerabilities in Solaris print service for Sun Solaris 8, 9, and 10 allow remote attackers to cause a denial of service or execute arbitrary code via unknown vectors.Nicholas HansenDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerability in Solaris 10 Involving the SCTP Protocol May Result in a Denial of Network Services Due to Network FloodingSun Solaris 10Unspecified vulnerability in the SCTP protocol implementation in Sun Solaris 10 allows remote attackers to cause a denial of service (CPU consumption and network traffic amplification) via a crafted SCTP packet.Nicholas HansenDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerability in GNU tar May Lead to Arbitrary Code Execution or Denial of Service (DoS)Sun Solaris 10Buffer overflow in tar 1.14 through 1.15.90 allows user-assisted attackers to cause a denial of service (application crash) and possibly execute code via unspecified vectors involving PAX extended headers.Michael WoodDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerability in the libxml2 Library May Lead to a Denial of Service (DoS)Sun Solaris 9Sun Solaris 10The xmlCurrentChar function in libxml2 before 2.6.31 allows context-dependent attackers to cause a denial of service (infinite loop) via XML containing invalid UTF-8 sequences.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDA Security Vulnerability in libdevinfo(3LIB) May Allow Unauthorized Access to Files on the SystemSun Solaris 10Unspecified vulnerability in libdevinfo in Sun Solaris 10 allows local users to access files and gain privileges via unknown vectors, related to login device permissions.Yuzheng ZhouDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerability in Solaris 10 Involving the SCTP Protocol May Result in a Panic and Denial of Service (DoS)Sun Solaris 10Unspecified vulnerability in the SCTP protocol implementation in Sun Solaris 10 allows remote attackers to cause a denial of service (panic) via a crafted SCTP packet.Nicholas HansenDRAFTINTERIMACCEPTEDACCEPTEDA Security Vulnerability in Solaris 10 involving the sendfilev() system call could result in Denial of Service (DoS) due to System PanicSun Solaris 10Unspecified vulnerability in Sun Solaris 10 and OpenSolaris before snv_96 allows (1) context-dependent attackers to cause a denial of service (panic) via vectors involving creation of a crafted file and use of the sendfilev system call, as demonstrated by a file served by an Apache 2.2.x web server with EnableSendFile configured; and (2) local users to cause a denial of service (panic) via a call to the sendfile system call, as reachable through the sendfilev library.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDA Security Vulnerability in Floating Point Context Switch Implementation May Result in a Denial of Service (DoS) or Data Integrity IssuesSun Solaris 9Sun Solaris 10Unspecified vulnerability in the floating point context switch implementation in Sun Solaris 9 and 10 on x86 platforms might allow local users to cause a denial of service (application exit), corrupt data, or trigger incorrect calculations via unknown vectors.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDA Security Vulnerability in the Handling of Self Encapsulated IP Packets may Lead to a Denial of Service (DOS) Condition.Sun Solaris 8Sun Solaris 9Sun Solaris 10Sun Solaris 8, 9, and 10 allows "remote privileged" users to cause a denial of service (panic) via unknown vectors related to self encapsulated IP packets.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDA Security Vulnerability in Solaris 10 libexif May Allow Code Execution or a Denial of Service (DoS) ConditionSun Solaris 10Integer overflow in libexif 0.6.16 and earlier allows context-dependent attackers to execute arbitrary code via an image with crafted EXIF tags, possibly involving the exif_data_load_data_thumbnail function in exif-data.c.Nicholas HansenDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerability in the Solaris crontab(1) utility may allow execution of Arbitrary CodeSun Solaris 8Sun Solaris 9Sun Solaris 10Unspecified vulnerability in crontab on Sun Solaris 8 through 10, and OpenSolaris before snv_93, allows local users to insert cron jobs into the crontab files of arbitrary users via unspecified vectors.Nicholas HansenDRAFTINTERIMDragos PrisacaACCEPTEDACCEPTEDSolaris 8, 9, 10 ICMP Source Quench Attack VulnerabilitySun Solaris 8Sun Solaris 9Sun Solaris 10Multiple TCP/IP and ICMP implementations allow remote attackers to cause a denial of service (network throughput reduction for TCP connections) via a blind throughput-reduction attack using spoofed Source Quench packets, aka the "ICMP Source Quench attack." NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities.Robert L. HollisDRAFTINTERIMACCEPTEDNabil OuchnINTERIMMatthew WojcikACCEPTEDPai PengINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDSecurity Vulnerabilities in OpenSSL May Lead to a Denial of Service (DoS) to Applications or Execution of Arbitrary Code With Elevated PrivilegesSun Solaris 10The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows remote servers to cause a denial of service (client crash) via unknown vectors that trigger a null pointer dereference.Todd DolinskyDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerabilities in OpenSSL May Lead to a Denial of Service (DoS) to Applications or Execution of Arbitrary Code With Elevated PrivilegesSun Solaris 10Buffer overflow in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions has unspecified impact and remote attack vectors involving a long list of ciphers.Todd DolinskyDRAFTINTERIMACCEPTEDACCEPTEDA Security Vulnerability in Solaris Volume Manager (SVM) May Allow a Denial of Service (DoS)Sun Solaris 9Sun Solaris 10Unspecified vulnerability in the ioctl interface in the Solaris Volume Manager (SVM) in Sun Solaris 9 and 10 allows local users to cause a denial of service (panic) via unspecified vectors, a different vulnerability than CVE-2004-1346.Nicholas HansenDRAFTINTERIMACCEPTEDACCEPTEDMIT Kerberos 5 Key Distribution Center Remote Denial of Service VulnerabilitySun Solaris 7Sun Solaris 8Sun Solaris 9Sun Solaris 10KerberosMIT Kerberos 5 (krb5) 1.3 through 1.4.1 Key Distribution Center (KDC) allows remote attackers to cause a denial of service (application crash) via a certain valid TCP connection that causes a free of unallocated memory.Robert L. HollisDRAFTINTERIMACCEPTEDNabil OuchnINTERIMACCEPTEDACCEPTEDSun Java System Access Manager Local Authentication Bypass VulnerabilitySun Solaris 10Sun Solaris 9Sun Solaris 8Access ManagerUnspecified vulnerability in Sun Java System Access Manager 7.0 allows local users logged in as "root" to bypass authentication and gain top-level administrator privileges via the amadmin CLI tool.Robert L. HollisDRAFTINTERIMACCEPTEDNabil OuchnINTERIMACCEPTEDACCEPTEDSecurity Vulnerability in the Solaris 10 Internet Protocol (ip(7P)) may Lead to a Denial of Service (DoS) ConditionSun Solaris 10Unspecified vulnerability in the Internet Protocol (IP) functionality in Sun Solaris 10 allows local users to cause a denial of service (panic) via unspecified vectors, probably related to a UDP packet.Pai PengDRAFTINTERIMACCEPTEDPai PengINTERIMACCEPTEDACCEPTEDSecurity Vulnerability in RPCSEC_GSS (rpcsec_gss(3NSL)) Affects Kerberos Administration Daemon (kadmind(1M))Sun Solaris 8Sun Solaris 9Sun Solaris 10Stack-based buffer overflow in the svcauth_gss_validate function in lib/rpc/svc_auth_gss.c in the RPCSEC_GSS RPC library (librpcsecgss) in MIT Kerberos 5 (krb5) 1.4 through 1.6.2, as used by the Kerberos administration daemon (kadmind) and some third-party applications that use krb5, allows remote attackers to cause a denial of service (daemon crash) and probably execute arbitrary code via a long string in an RPC message.Nicholas HansenDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerabilities in Solaris Kernel Statistics Retrieval Process May Allow a Denial of Service (DoS)Sun Solaris 8Sun Solaris 9Sun Solaris 10Multiple unspecified vulnerabilities in the kernel in Sun Solaris 8 through 10 allow local users to cause a denial of service (panic), related to the support for retrieval of kernel statistics, and possibly related to the sfmmu_mlspl_enter or sfmmu_mlist_enter functions.Nicholas HansenDRAFTINTERIMACCEPTEDACCEPTEDSolaris 10 patchadd T-patch IssueSun Solaris 10patchaddThe patchadd facility for Solaris 10 fails to install T-patches. Sun sometimes releases a T-patch as a temporary version of a patch prior to the final release of that patch. While this flaw does not directly represent a vulnerability, it does prevent the timely application of some (possibly critical) updates.Robert L. HollisDRAFTINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDACCEPTEDCritical Patch Update July 2015Sun Solaris 10Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows local users to affect availability via vectors related to S10 Branded Zone.JaikumarDRAFTINTERIMINTERIMCritical Patch Update July 2015Sun Solaris 10Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to rmformat.JaikumarDRAFTINTERIMINTERIMCritical Patch Update July 2015Sun Solaris 10Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows local users to affect availability via vectors related to DHCP Server.JaikumarDRAFTINTERIMINTERIMCritical Patch Update July 2015Sun Solaris 10Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows local users to affect availability via vectors related to NFSv4.JaikumarDRAFTINTERIMINTERIMCritical Patch Update July 2015Sun Solaris 10Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows local users to affect availability via vectors related to UNIX filesystem.JaikumarDRAFTINTERIMINTERIMCritical Patch Update April 2015Sun Solaris 10Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect confidentiality via unknown vectors related to Text Utilities.JaikumarDRAFTINTERIMACCEPTEDACCEPTEDCritical Patch Update April 2015Sun Solaris 10Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Accounting commands.JaikumarDRAFTINTERIMACCEPTEDACCEPTEDCritical Patch Update April 2015Sun Solaris 10Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to libelfsign.JaikumarDRAFTINTERIMACCEPTEDACCEPTEDCritical Patch Update January 2015Sun Solaris 10Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect integrity and availability via vectors related to RPC Utility.PuneethDRAFTINTERIMACCEPTEDACCEPTEDCritical Patch Update January 2015Sun Solaris 10Multiple ethernet Network Interface Card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets, as demonstrated by Etherleak.PuneethDRAFTINTERIMACCEPTEDACCEPTEDCritical Patch Update January 2015Sun Solaris 10Unspecified vulnerability in Oracle Solaris 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Kernel.PuneethDRAFTINTERIMACCEPTEDACCEPTEDCritical Patch Update January 2015Sun Solaris 10Unspecified vulnerability in Oracle Solaris 10 and 11 allows remote attackers to affect confidentiality via vectors related to KSSL.PuneethDRAFTINTERIMACCEPTEDACCEPTEDCritical Patch Update January 2015Sun Solaris 10Unspecified vulnerability in Oracle Solaris 10 allows local users to affect availability via unknown vectors related to Kernel.PuneethDRAFTINTERIMACCEPTEDACCEPTEDCritical Patch Update January 2015Sun Solaris 10Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect availability via unknown vectors related to Resource Control.PuneethDRAFTINTERIMACCEPTEDACCEPTEDCritical Patch Update January 2015Sun Solaris 10Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows remote attackers to affect availability via unknown vectors related to Network, a different vulnerability than CVE-2004-0230.PuneethDRAFTINTERIMACCEPTEDACCEPTEDCritical Patch Update January 2015Sun Solaris 10TCP, when using a large Window Size, makes it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that use long-lived connections, such as BGP.PuneethDRAFTINTERIMACCEPTEDACCEPTEDCritical Patch Update January 2015Sun Solaris 10Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows remote attackers to affect confidentiality via unknown vectors related to Network.PuneethDRAFTINTERIMACCEPTEDACCEPTEDCritical Patch Update January 2015Sun Solaris 10Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect confidentiality via vectors related to RPC Utility.PuneethDRAFTINTERIMACCEPTEDACCEPTEDCritical Patch Update January 2015Sun Solaris 10Unspecified vulnerability in Oracle Solaris 10 and 11 allows local users to affect integrity and availability via vectors related to Unix File System (UFS).PuneethDRAFTINTERIMACCEPTEDACCEPTEDCritical Patch Update January 2015Sun Solaris 10Unspecified vulnerability in Oracle Solaris 10 allows local users to affect confidentiality, integrity, and availability via vectors related to CDE - Power Management Utility.PuneethDRAFTINTERIMACCEPTEDACCEPTEDVulnerability affecting GNU BashSun Solaris 10GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix.Prashant KumarDRAFTINTERIMACCEPTEDACCEPTEDVulnerability affecting GNU BashSun Solaris 10GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271.Prashant KumarDRAFTINTERIMACCEPTEDACCEPTEDCritical Patch Update July 2014Sun Solaris 10Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11.1 allows local users to affect availability via unknown vectors related to sockfs.Manu M GDRAFTINTERIMACCEPTEDACCEPTEDCritical Patch Update July 2014Sun Solaris 10Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11.1 allows remote authenticated users to affect confidentiality via unknown vectors related to Common Agent Container (Cacao).Manu M GDRAFTINTERIMACCEPTEDACCEPTEDCritical Patch Update July 2014Sun Solaris 10Unspecified vulnerability in Oracle Solaris 10 and 11.1 allows local users to affect availability via vectors related to CPU performance counters (CPC) drivers.Manu M GDRAFTINTERIMACCEPTEDACCEPTEDAdd in the new html file option in codeSun Solaris 10Unspecified vulnerability in Oracle Solaris 9, 10, and 11.1 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Print Filter Utility.Sushant Kumar SinghDRAFTINTERIMACCEPTEDACCEPTEDAdd in the new html file option in codeSun Solaris 10Unspecified vulnerability in Oracle Solaris 10, when running on the SPARC64-X Platform, allows local users to affect confidentiality, integrity, and availability via unknown vectors.Sushant Kumar SinghDRAFTINTERIMACCEPTEDACCEPTEDAdd in the new html file option in codeSun Solaris 10Unspecified vulnerability in Oracle Solaris 10 and 11.1 allows local users to affect availability via unknown vectors related to Kernel.Sushant Kumar SinghDRAFTINTERIMACCEPTEDACCEPTEDCritical Patch Update January 2014Sun Solaris 10Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11.1 allows local users to affect confidentiality, integrity, and availability via vectors related to RPC.Merryl DMelloDRAFTINTERIMACCEPTEDACCEPTEDCritical Patch Update January 2014Sun Solaris 10Unspecified vulnerability in Oracle Solaris 10 allows remote attackers to affect integrity via unknown vectors related to Java Web Console.Merryl DMelloDRAFTINTERIMACCEPTEDACCEPTEDCritical Patch Update January 2014Sun Solaris 10Unspecified vulnerability in Oracle Solaris 10 and 11.1 allows local users to affect availability via unknown vectors related to Kernel.Merryl DMelloDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerability in Solaris 10 BIND: Susceptible to Cache Poisoning AttackSun Solaris 10ISC BIND 9 through 9.5.0a5 uses a weak random number generator during generation of DNS query ids when answering resolver questions or sending NOTIFY messages to slave name servers, which makes it easier for remote attackers to guess the next query id and perform DNS cache poisoning.Nicholas HansenDRAFTINTERIMACCEPTEDACCEPTEDLocal Users May be Able to Hang Systems That Have Loaded The Kernel Debugger kmdb(1)Sun Solaris 10Unspecified vulnerability in the kernel debugger (kmdb) in Sun Solaris 10, when running on x86, allows local users to cause a denial of service (system hang) via unspecified vectors.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDA Security Vulnerability in the Handling of Thread Contexts in the Solaris Kernel May Allow a Denial of Service (DoS)Sun Solaris 8Sun Solaris 9Sun Solaris 10Race condition in the kernel in Sun Solaris 8 through 10 allows local users to cause a denial of service (panic) via unspecified vectors related to "the handling of thread contexts."Nicholas HansenDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerability in X Display Manager (xdm(1)) Xsession ScriptSun Solaris 8Sun Solaris 9Sun Solaris 10The Xsession script, as used by X Display Manager (xdm) in NetBSD before 20060212, X.Org before 20060317, and Solaris 8 through 10 before 20061006, allows local users to overwrite arbitrary files, or read another user's Xsession errors file, via a symlink attack on a /tmp/xses-$USER file.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerability in the in.telnetd(1M) Daemon May Allow Unauthorized Remote Users to Gain Access to a Solaris HostSun Solaris 10Argument injection vulnerability in the telnet daemon (in.telnetd) in Solaris 10 and 11 (SunOS 5.10 and 5.11) misinterprets certain client "-f" sequences as valid requests for the login program to skip authentication, which allows remote attackers to log into certain accounts, as demonstrated by the bin account.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerability in the Solaris 10 TCP Fusion Code May Lead to a System Panic, Resulting in a Denial of Service (DoS)Sun Solaris 10The tcp_fuse_rcv_drain function in the Sun Solaris 10 kernel before 20061017, when TCP Fusion is enabled, allows local users to cause a denial of service (system crash) via a TCP loopback connection with both endpoints on the same system.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDSun Solaris Unspecified x86 64 Bit Local Denial Of ServiceVulnerabilitySun Solaris 10Unspecified vulnerability in the kernel processing in Solaris 10 64 bit platform, when running in 64-bit mode, allows local users to cause a denial of service (system panic) via unknown attack vectors.Robert L. HollisDRAFTINTERIMACCEPTEDNabil OuchnINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDCritical Patch Update January 2014Sun Solaris 10Unspecified vulnerability in Oracle Solaris 10 and 11.1 allows local users to affect availability via vectors related to Name Service Cache Daemon (NSCD).Merryl DMelloDRAFTINTERIMACCEPTEDACCEPTEDA Security Vulnerability With the Special File System (SPECFS) strfreectty() Function May Allow a Local Unprivileged User to Panic a SystemSun Solaris 8Sun Solaris 9Sun Solaris 10Unspecified vulnerability in the strfreectty function in the Special File System (SPECFS) in Sun Solaris 8 through 10 allows local users to cause a denial of service (system panic), related to passing a NULL pointer to the pgsignal function.Todd DolinskyDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerability in Solaris Named Pipes (pipe(2)) May Allow Unauthorized Data AccessSun Solaris 8Sun Solaris 9Sun Solaris 10Integer signedness error in FIFO filesystems (named pipes) on Sun Solaris 8 through 10 allows local users to read the contents of unspecified memory locations via a negative maximum length value to the I_PEEK ioctl.Nicholas HansenDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerability Due to Buffer Overflow in The format(1M) Command May Allow Privilege Elevation For Certain RBAC ProfilesSun Solaris 8Sun Solaris 9Sun Solaris 10Buffer overflow in the format command in Solaris 8, 9, and 10 allows local users with access to format (such as the "File System Management" RBAC profile) to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2006-4307.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerability in the Solaris libsldap Library May Allow a Denial of Service to nscd(1M)Sun Solaris 8Sun Solaris 9Sun Solaris 10The libsldap library in Sun Solaris 8, 9, and 10 allows local users to cause a denial of service (Name Service Caching Daemon (nscd) crash) via unspecified vectors.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerabilities in Solaris ld.so.1(1) may Lead to Execution of Arbitrary Code with Elevated PrivilegesSun Solaris 8Sun Solaris 9Sun Solaris 10Directory traversal vulnerability in ld.so.1 in Sun Solaris 8, 9, and 10 allows local users to execute arbitrary code via a .. (dot dot) sequence in the LANG environment variable that points to a locale file containing attacker-controlled format string specifiers.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDA Security Vulnerability in the TCP Implementation of Solaris 10 Systems May Result in a System Panic Under High TCP/IP TrafficSun Solaris 10Race condition in the TCP subsystem for Solaris 10 allows remote attackers to cause a denial of service (system panic) via unknown vectors.Gyesi AmaniampongDRAFTINTERIMACCEPTEDACCEPTEDVulnerability With Solaris IPv6 May Allow a Remote User the Ability to Create a Denial of Service ConditionSun Solaris 8Sun Solaris 9Sun Solaris 10Unspecified vulnerability in Sun Solaris 8, 9 and 10 allows remote attackers to cause a denial of service (panic) via crafted IPv6 packets, a different vulnerability than CVE-2006-5013.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerability in the Solaris Auditing (BSM) Related to Network Auditing May Lead to Denial of Service (DoS)Sun Solaris 10Unspecified vulnerability in "Solaris Auditing" in the Basic Security Module (BSM) in Sun Solaris 10, when configured for auditing of networking (nt) events, allows local users to cause a denial of service (panic) via unspecified vectors.Todd DolinskyDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerabilities in The Solaris Event Port API May Result in a Denial of Service (DoS) ConditionSun Solaris 10Unspecified vulnerability in Sun Solaris 10 allows context-dependent attackers to cause a denial of service (panic) via unspecified vectors involving the event port API.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerabilities in the tip(1) Command May Allow Execution of Arbitrary Code With Elevated PrivilegesSun Solaris 8Sun Solaris 9Sun Solaris 10Multiple unspecified vulnerabilities in tip in Sun Solaris 8, 9, and 10 allow local users to gain uucp account privileges via unspecified vectors.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDA Security Vulnerability in the Solaris 10 inetd(1M) Service May Lead to a Denial of Service (DoS) ConditionSun Solaris 10Unspecified vulnerability in inetd in Sun Solaris 10 before 20070529 allows local users to cause a denial of service (daemon termination) via unspecified manipulations of the /var/run/.inetd.uds Unix domain socket file.Pai PengDRAFTINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDSecurity Vulnerability in the Human Interface Device (HID) Class Driver for SolarisSun Solaris 8Sun Solaris 9Sun Solaris 10Unspecified vulnerability in the HID (Human Interface Device) class driver in Sun Solaris 8, 9, and 10 before 20070925 allows local users to cause a denial of service (panic) via unspecified vectors.Nicholas HansenDRAFTINTERIMACCEPTEDACCEPTEDdtsession(1X) Contains a Buffer Overflow VulnerabilitySun Solaris 8Sun Solaris 9Sun Solaris 10Buffer overflow in the dtsession Common Desktop Environment (CDE) Session Manager in Sun Solaris 8, 9, and 10 allows local users to execute arbitrary code via unspecified vectors.Yuzheng ZhouDRAFTINTERIMACCEPTEDACCEPTEDpkgadd(1M) May Set Incorrect Permissions if The pkgmap(4) File Contains a "?" in The "Mode" FieldSun Solaris 10pkgadd in Sun Solaris 10 before 20060825 installs files with insecure file and directory permissions (755 or 777) if the pkgmap file contains a "?" (question mark) in the mode field, which allows local users to modify arbitrary files or directories, a different vulnerability than CVE-2002-1871.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerability in the vuidmice(7M) STREAMS Modules May Lead to a Denial of Service (DoS) ConditionSun Solaris 8Sun Solaris 9Sun Solaris 10Unspecified vulnerability in the vuidmice STREAMS modules in Sun Solaris 8, 9, and 10 allows local users with console (/dev/console) access to cause a denial of service ("unusable" system console) via unspecified vectors.Nicholas HansenDRAFTINTERIMACCEPTEDACCEPTEDCRITICAL PATCH UPDATE JANUARY 2011Sun Solaris 10Unspecified vulnerability in Oracle 10 and 11 Express allows local users to affect availability via unknown vectors related to the Kernel.Merryl DMelloDRAFTINTERIMACCEPTEDACCEPTEDMultiple vulnerabilities in libfreetype, Xsun(1) and Xorg(1)Sun Solaris 8Sun Solaris 9Sun Solaris 10Integer overflow in ALLOCATE_LOCAL in the ProcXCMiscGetXIDList function in the XC-MISC extension in the X.Org X11 server (xserver) 7.1-1.1.0, and other versions before 20070403, allows remote authenticated users to execute arbitrary code via a large expression, which results in memory corruption.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDCRITICAL PATCH UPDATE OCTOBER 2012Sun Solaris 10Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to inetd.Merryl DMelloDRAFTINTERIMACCEPTEDACCEPTEDCRITICAL PATCH UPDATE OCTOBER 2012Sun Solaris 10Unspecified vulnerability in Oracle Sun Solaris 10 and 11, when running on SPARC, allows local users to affect integrity and availability via unknown vectors related to Logical Domain (LDOM).Merryl DMelloDRAFTINTERIMACCEPTEDACCEPTEDCRITICAL PATCH UPDATE JULY 2012Sun Solaris 10Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect availability, related to Kernel/KSSL.Merryl DMelloDRAFTINTERIMACCEPTEDACCEPTEDCRITICAL PATCH UPDATE JULY 2012Sun Solaris 10Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.Merryl DMelloDRAFTINTERIMACCEPTEDACCEPTEDCRITICAL PATCH UPDATE APRIL 2011Sun Solaris 10Unspecified vulnerability in the Solaris component in Oracle Solaris 8, 9, 10, and 11 Express allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Administration Utilities.Merryl DMelloDRAFTINTERIMACCEPTEDACCEPTEDCRITICAL PATCH UPDATE OCTOBER 2012Sun Solaris 10Unspecified vulnerability in Oracle Sun Solaris 9, 10, and 11 allows local users to affect availability via unknown vectors related to Kernel.Merryl DMelloDRAFTINTERIMACCEPTEDACCEPTEDCRITICAL PATCH UPDATE JULY 2012Sun Solaris 10Unspecified vulnerability in Oracle Sun Solaris 9 and 10 allows remote attackers to affect availability via unknown vectors related to in.tnamed and NameServer.Merryl DMelloDRAFTINTERIMACCEPTEDACCEPTEDCRITICAL PATCH UPDATE JULY 2011Sun Solaris 10Unspecified vulnerability in Oracle Solaris 10 allows local users to affect integrity and availability via unknown vectors related to LiveUpgrade.Merryl DMelloDRAFTINTERIMACCEPTEDACCEPTEDCRITICAL PATCH UPDATE JANUARY 2012Sun Solaris 10Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows remote attackers to affect availability via unknown vectors related to Network.Merryl DMelloDRAFTINTERIMACCEPTEDACCEPTEDCRITICAL PATCH UPDATE JULY 2011Sun Solaris 10Unspecified vulnerability in Oracle Solaris 10, and 11 Express allows local users to affect availability via unknown vectors related to Kernel/sockfs.Merryl DMelloDRAFTINTERIMACCEPTEDACCEPTEDCRITICAL PATCH UPDATE JULY 2011Sun Solaris 10Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows local users to affect availability, related to Driver/USB.Merryl DMelloDRAFTINTERIMACCEPTEDACCEPTEDCRITICAL PATCH UPDATE JANUARY 2012Sun Solaris 10Unspecified vulnerability in Oracle Solaris 9, 10, and 11 Express allows remote attackers to affect availability via unknown vectors related to sshd.Merryl DMelloDRAFTINTERIMACCEPTEDACCEPTEDCRITICAL PATCH UPDATE JANUARY 2012Sun Solaris 10Unspecified vulnerability in Oracle Solaris 9, 10, and 11 Express allows remote attackers to affect availability, related to TCP/IP.Merryl DMelloDRAFTINTERIMACCEPTEDACCEPTEDCRITICAL PATCH UPDATE JULY 2011Sun Solaris 10Unspecified vulnerability in Oracle Solaris 10 allows local users to affect confidentiality via unknown vectors related to Trusted Extensions.Merryl DMelloDRAFTINTERIMACCEPTEDACCEPTEDCRITICAL PATCH UPDATE JULY 2011Sun Solaris 10Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows remote attackers to affect availability, related to SSH.Merryl DMelloDRAFTINTERIMACCEPTEDACCEPTEDCRITICAL PATCH UPDATE APRIL 2012Sun Solaris 10Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect availability, related to SCTP.Merryl DMelloDRAFTINTERIMACCEPTEDACCEPTEDCRITICAL PATCH UPDATE APRIL 2011Sun Solaris 10Unspecified vulnerability in the Solaris component in Oracle Solaris 8, 9, 10, and 11 Express allows local users to affect availability via unknown vectors related to Kernel.Merryl DMelloDRAFTINTERIMACCEPTEDACCEPTEDCRITICAL PATCH UPDATE OCTOBER 2012Sun Solaris 10Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows local users to affect confidentiality and integrity via unknown vectors related to mailx.Merryl DMelloDRAFTINTERIMACCEPTEDACCEPTEDCRITICAL PATCH UPDATE JANUARY 2011Sun Solaris 10Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to libc.Merryl DMelloDRAFTINTERIMACCEPTEDACCEPTEDCRITICAL PATCH UPDATE JULY 2011Sun Solaris 10Unspecified vulnerability in the Solaris component in Oracle Sun Products Suite 9 and 10 allows remote attackers to affect confidentiality, integrity, and availability, related to SSH.Merryl DMelloDRAFTINTERIMACCEPTEDACCEPTEDCRITICAL PATCH UPDATE JANUARY 2011Sun Solaris 10Unspecified vulnerability in Oracle Solaris 10 allows local users to affect confidentiality and integrity via unknown vectors related to Fault Manager Daemon.Merryl DMelloDRAFTINTERIMACCEPTEDACCEPTEDCRITICAL PATCH UPDATE OCTOBER 2011Sun Solaris 10Unspecified vulnerability in the Solaris component in Oracle Sun Products Suite 8, 9, 10, and 11 Express allows remote attackers to affect availability via unknown vectors related to Remote Quota Server (rquotad).Merryl DMelloDRAFTINTERIMACCEPTEDACCEPTEDCRITICAL PATCH UPDATE APRIL 2011Sun Solaris 10Unspecified vulnerability in Oracle Solaris 9, 10, and 11 Express allows local users to affect availability, related to LOFS.Merryl DMelloDRAFTINTERIMACCEPTEDACCEPTEDCRITICAL PATCH UPDATE OCTOBER 2011Sun Solaris 10Unspecified vulnerability in Oracle Solaris 10 allows local users to affect availability, related to ZFS.Merryl DMelloDRAFTINTERIMACCEPTEDACCEPTEDCRITICAL PATCH UPDATE JANUARY 2011Sun Solaris 10Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows local users to affect availability via unknown vectors related to the Kernel.Merryl DMelloDRAFTINTERIMACCEPTEDACCEPTEDCRITICAL PATCH UPDATE OCTOBER 2012Sun Solaris 10Unspecified vulnerability in Oracle Sun Solaris 10 and 11, when running on SPARC T4 servers, allows local users to affect availability via unknown vectors related to Kernel.Merryl DMelloDRAFTINTERIMACCEPTEDACCEPTEDCRITICAL PATCH UPDATE OCTOBER 2011Sun Solaris 10Unspecified vulnerability in the Oracle Solaris 10 and 11 Express allows local users to affect integrity and availability via unknown vectors related to Process File System (procfs).Merryl DMelloDRAFTINTERIMACCEPTEDACCEPTEDCRITICAL PATCH UPDATE APRIL 2012Sun Solaris 10Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Password Policy.Merryl DMelloDRAFTINTERIMACCEPTEDACCEPTEDCRITICAL PATCH UPDATE JULY 2011Sun Solaris 10Unspecified vulnerability in Oracle Solaris 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Installer.Merryl DMelloDRAFTINTERIMACCEPTEDACCEPTEDCRITICAL PATCH UPDATE OCTOBER 2011Sun Solaris 10Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows local users to affect availability via unknown vectors related to Kernel/Performance Counter BackEnd Module (pcbe).Merryl DMelloDRAFTINTERIMACCEPTEDACCEPTEDCRITICAL PATCH UPDATE APRIL 2012Sun Solaris 10Unspecified vulnerability in Oracle Sun Solaris 8, 9, and 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to (1) bsmconv and (2) bsmunconv.Merryl DMelloDRAFTINTERIMACCEPTEDACCEPTEDCRITICAL PATCH UPDATE JULY 2012Sun Solaris 10The ICMP path MTU (PMTU) discovery feature in various UNIX systems allows remote attackers to cause a denial of service by spoofing "ICMP Fragmentation needed but Don't Fragment (DF) set" packets between two target hosts, which could cause one host to lower its MTU when transmitting to the other host.Merryl DMelloDRAFTINTERIMACCEPTEDACCEPTEDCRITICAL PATCH UPDATE OCTOBER 2011Sun Solaris 10Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows local users to affect availability via unknown vectors related to Kernel/Filesystem.Merryl DMelloDRAFTINTERIMACCEPTEDACCEPTEDCRITICAL PATCH UPDATE JANUARY 2011Sun Solaris 10Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows local users to affect availability, related to Kernel/NFS.Merryl DMelloDRAFTINTERIMACCEPTEDACCEPTEDCRITICAL PATCH UPDATE JULY 2012Sun Solaris 10Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect integrity via unknown vectors related to Branded Zone.Merryl DMelloDRAFTINTERIMACCEPTEDACCEPTEDCRITICAL PATCH UPDATE JULY 2012Sun Solaris 10Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect confidentiality, integrity, and availability, related to Gnome PDF viewer.Merryl DMelloDRAFTINTERIMACCEPTEDACCEPTEDCRITICAL PATCH UPDATE JULY 2012Sun Solaris 10Unspecified vulnerability in Oracle Sun Solaris 8, 9, and 10 allows remote attackers to affect availability, related to TCP/IP.Merryl DMelloDRAFTINTERIMACCEPTEDACCEPTEDCRITICAL PATCH UPDATE APRIL 2012Sun Solaris 10Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect confidentiality and integrity, related to libsasl.Merryl DMelloDRAFTINTERIMACCEPTEDACCEPTEDCRITICAL PATCH UPDATE OCTOBER 2011Sun Solaris 10Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows remote attackers to affect confidentiality, integrity, and availability, related to LDAP library.Merryl DMelloDRAFTINTERIMACCEPTEDACCEPTEDCRITICAL PATCH UPDATE JULY 2012Sun Solaris 10Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect confidentiality, related to Apache HTTP Server.Merryl DMelloDRAFTINTERIMACCEPTEDACCEPTEDCRITICAL PATCH UPDATE JANUARY 2012Sun Solaris 10Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows local users to affect confidentiality and availability, related to TCP/IP.Merryl DMelloDRAFTINTERIMACCEPTEDACCEPTEDCRITICAL PATCH UPDATE JULY 2011Sun Solaris 10Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows remote attackers to affect availability, related to KSSL.Merryl DMelloDRAFTINTERIMACCEPTEDACCEPTEDCRITICAL PATCH UPDATE JANUARY 2012Sun Solaris 10Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows local users to affect availability via unknown vectors related to Kernel.Merryl DMelloDRAFTINTERIMACCEPTEDACCEPTEDCRITICAL PATCH UPDATE JULY 2011Sun Solaris 10Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows local users to affect confidentiality, integrity, and availability via unknown vectors related to rksh.Merryl DMelloDRAFTINTERIMACCEPTEDACCEPTEDCRITICAL PATCH UPDATE JULY 2012Sun Solaris 10Unspecified vulnerability in Oracle Solaris 10 and 11 allows local users to affect integrity and availability, related to Logical Domains (LDOM).Merryl DMelloDRAFTINTERIMACCEPTEDACCEPTEDCRITICAL PATCH UPDATE OCTOBER 2012Sun Solaris 10Unspecified vulnerability in Oracle Sun Solaris 10 and 11, when running on SPARC, allows local users to affect confidentiality via unknown vectors related to Kernel.Merryl DMelloDRAFTINTERIMACCEPTEDACCEPTEDCRITICAL PATCH UPDATE JANUARY 2011Sun Solaris 10Unspecified vulnerability in the FTP Server in Oracle Solaris 8, 9, 10, and 11 Express allows remote attackers to affect availability. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from a reliable researcher that this is an issue in the glob implementation in libc that allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames.Merryl DMelloDRAFTINTERIMACCEPTEDACCEPTEDCRITICAL PATCH UPDATE JULY 2012Sun Solaris 10Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect integrity via unknown vectors related to Solaris Management Console.Merryl DMelloDRAFTINTERIMACCEPTEDACCEPTEDCRITICAL PATCH UPDATE OCTOBER 2012Sun Solaris 10Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect availability, related to Kernel/RCTL.Merryl DMelloDRAFTINTERIMACCEPTEDACCEPTEDCRITICAL PATCH UPDATE OCTOBER 2011Sun Solaris 10Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows remote attackers to affect availability via unknown vectors related to Network Status Monitor (statd).Merryl DMelloDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerability in NFS Client Module May Lead to a Denial of Service ConditionSun Solaris 8Sun Solaris 9Sun Solaris 10Unspecified vulnerability in the NFS client module in Sun Solaris 8 through 10 before 20070524, when operating as an NFS server, allows remote attackers to cause a denial of service (crash) via certain Access Control List (acl) packets.John WregglesworthDRAFTINTERIMACCEPTEDACCEPTEDCRITICAL PATCH UPDATE APRIL 2012Sun Solaris 10Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to gssd.Merryl DMelloDRAFTINTERIMACCEPTEDACCEPTEDCRITICAL PATCH UPDATE OCTOBER 2011Sun Solaris 10Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows local users to affect availability via unknown vectors related to Zones.Merryl DMelloDRAFTINTERIMACCEPTEDACCEPTEDCRITICAL PATCH UPDATE JULY 2012Sun Solaris 10Unspecified vulnerability in Oracle Sun Solaris 9, 10, and 11 allows remote attackers to affect confidentiality, related to Network/NFS.Merryl DMelloDRAFTINTERIMACCEPTEDACCEPTEDCRITICAL PATCH UPDATE APRIL 2011Sun Solaris 10Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows local users to affect confidentiality and integrity via unknown vectors related to uucp.Merryl DMelloDRAFTINTERIMACCEPTEDACCEPTEDCRITICAL PATCH UPDATE APRIL 2013Sun Solaris 10Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect availability via unknown vectors related to Kernel/IO, a different vulnerability than CVE-2013-1496.Merryl DMelloDRAFTINTERIMACCEPTEDACCEPTEDCRITICAL PATCH UPDATE OCTOBER 2013Sun Solaris 10Unspecified vulnerability in Oracle Solaris 10 and 11.1 allows remote attackers to affect availability via unknown vectors related to Cacao.Merryl DMelloDRAFTINTERIMACCEPTEDACCEPTEDCRITICAL PATCH UPDATE APRIL 2011Sun Solaris 10Oracle Solaris 8, 9, and 10 stores back-out patch files (undo.Z) unencrypted with world-readable permissions under /var/sadm/pkg/, which allows local users to obtain password hashes and conduct brute force password guessing attacks.Merryl DMelloDRAFTINTERIMACCEPTEDACCEPTEDCRITICAL PATCH UPDATE APRIL 2012Sun Solaris 10Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows local users to affect availability via unknown vectors related to Kernel/sockfs.Merryl DMelloDRAFTINTERIMACCEPTEDACCEPTEDCRITICAL PATCH UPDATE JULY 2013Sun Solaris 10Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 allows local users to affect availability via unknown vectors related to Libraries/Libc.Merryl DMelloDRAFTINTERIMACCEPTEDACCEPTEDCRITICAL PATCH UPDATE APRIL 2011Sun Solaris 10Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows local users to affect availability via unknown vectors related to Kernel.Merryl DMelloDRAFTINTERIMACCEPTEDACCEPTEDCRITICAL PATCH UPDATE APRIL 2013Sun Solaris 10Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect availability via unknown vectors related to Filesystem.Merryl DMelloDRAFTINTERIMACCEPTEDACCEPTEDCRITICAL PATCH UPDATE JULY 2013Sun Solaris 10Unspecified vulnerability in Oracle Solaris 10 and 11, when running on AMD64, allows local users to affect availability via unknown vectors related to Kernel.Merryl DMelloDRAFTINTERIMACCEPTEDACCEPTEDCRITICAL PATCH UPDATE APRIL 2013Sun Solaris 10Unspecified vulnerability in Oracle Sun Solaris 10, when running on SPARC T4 servers, allows local users to affect availability via unknown vectors related to Kernel.Merryl DMelloDRAFTINTERIMACCEPTEDACCEPTEDCRITICAL PATCH UPDATE APRIL 2013Sun Solaris 10Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Remote Execution Service.Merryl DMelloDRAFTINTERIMACCEPTEDACCEPTEDCRITICAL PATCH UPDATE JANUARY 2013Sun Solaris 10Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect availability via unknown vectors related to Kernel/DTrace Framework.Merryl DMelloDRAFTINTERIMACCEPTEDACCEPTEDCRITICAL PATCH UPDATE APRIL 2013Sun Solaris 10Unspecified vulnerability in Oracle Sun Solaris 8, 9, and 10 allows local users to affect confidentiality via unknown vectors related to Utility/fdformat.Merryl DMelloDRAFTINTERIMACCEPTEDACCEPTEDCRITICAL PATCH UPDATE OCTOBER 2013Sun Solaris 10Unspecified vulnerability Oracle Solaris 10 allows local users to affect confidentiality via vectors related to Oracle Configuration Manager (OCM).Merryl DMelloDRAFTINTERIMACCEPTEDACCEPTEDCRITICAL PATCH UPDATE APRIL 2011Sun Solaris 10Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows local users to affect confidentiality and integrity via unknown vectors related to cp.Merryl DMelloDRAFTINTERIMACCEPTEDACCEPTEDCRITICAL PATCH UPDATE JANUARY 2013Sun Solaris 10Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to the Bind/Postinstall script for Bind package.Merryl DMelloDRAFTINTERIMACCEPTEDACCEPTEDCRITICAL PATCH UPDATE JANUARY 2013Sun Solaris 10Unspecified vulnerability Oracle Sun Solaris 10 allows local users to affect confidentiality and integrity via unknown vectors related to Install/smpatch.Merryl DMelloDRAFTINTERIMACCEPTEDACCEPTEDCRITICAL PATCH UPDATE APRIL 2011Sun Solaris 10Unspecified vulnerability in Oracle Solaris 9 and 10 allows local users to affect confidentiality via unknown vectors related to wbem.Merryl DMelloDRAFTINTERIMACCEPTEDACCEPTEDCRITICAL PATCH UPDATE APRIL 2013Sun Solaris 10Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows remote attackers to affect confidentiality and integrity via vectors related to NFS client mounts and IPv6.Merryl DMelloDRAFTINTERIMACCEPTEDACCEPTEDCRITICAL PATCH UPDATE OCTOBER 2011Sun Solaris 10Unspecified vulnerability in Oracle Solaris 10 allows local users to affect confidentiality, related to ZFS.Merryl DMelloDRAFTINTERIMACCEPTEDACCEPTEDCRITICAL PATCH UPDATE JULY 2012Sun Solaris 10Unspecified vulnerability in Oracle Solaris 9, 10, and 11 allows local users to affect availability via unknown vectors related to Kerberos/klist.Merryl DMelloDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerability in the Solaris 10 Virtual File System (VFS) may Lead to a Denial of Service (DoS) ConditionSun Solaris 10Unspecified vulnerability in the Virtual File System (VFS) in Sun Solaris 10 allows local users to cause a denial of service (kernel memory consumption) via unspecified vectors.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDCRITICAL PATCH UPDATE APRIL 2013Sun Solaris 10Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows local users to affect availability via unknown vectors related to Libraries/Libc.Merryl DMelloDRAFTINTERIMACCEPTEDACCEPTEDCRITICAL PATCH UPDATE JULY 2012Sun Solaris 10The IPv6 implementation in the Linux kernel before 3.1 does not generate Fragment Identification values separately for each destination, which makes it easier for remote attackers to cause a denial of service (disrupted networking) by predicting these values and sending crafted packets.Merryl DMelloDRAFTINTERIMACCEPTEDACCEPTEDCRITICAL PATCH UPDATE JANUARY 2013Sun Solaris 10Unspecified vulnerability in Oracle Sun Solaris 9 and 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Filesystem/cachefs.Merryl DMelloDRAFTINTERIMACCEPTEDACCEPTEDCRITICAL PATCH UPDATE OCTOBER 2012Sun Solaris 10Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Kernel.Merryl DMelloDRAFTINTERIMACCEPTEDACCEPTEDCRITICAL PATCH UPDATE OCTOBER 2012Sun Solaris 10The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in Citrix XenServer 6.0.2 and earlier and other products; Oracle Solaris 11 and earlier; illumos before r13724; Joyent SmartOS before 20120614T184600Z; FreeBSD before 9.0-RELEASE-p3; NetBSD 6.0 Beta and earlier; Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1; and possibly other operating systems, when running on an Intel processor, incorrectly uses the sysret path in cases where a certain address is not a canonical address, which allows local users to gain privileges via a crafted application. NOTE: because this issue is due to incorrect use of the Intel specification, it should have been split into separate identifiers; however, there was some value in preserving the original mapping of the multi-codebase coordinated-disclosure effort to a single identifier.Merryl DMelloDRAFTINTERIMACCEPTEDACCEPTEDCRITICAL PATCH UPDATE JANUARY 2011Sun Solaris 10Unspecified vulnerability in Oracle Solaris 10 allows remote attackers to affect confidentiality via unknown vectors related to Ethernet and the Driver sub-component.Merryl DMelloDRAFTINTERIMACCEPTEDACCEPTEDCRITICAL PATCH UPDATE JANUARY 2011Sun Solaris 10Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows remote attackers to affect confidentiality, integrity, and availability, related to CDE Calendar Manager Service Daemon and RPC. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from other software vendors that this affects other operating systems, such as HP-UX, or claims from a reliable third party that this is a buffer overflow in rpc.cmsd via long XDR-encoded ASCII strings in RPC call 10.Merryl DMelloDRAFTINTERIMACCEPTEDACCEPTEDCRITICAL PATCH UPDATE OCTOBER 2013Sun Solaris 10Unspecified vulnerability in Oracle Solaris 10 allows remote attackers to affect integrity via unknown vectors related to Oracle Java Web Console.Merryl DMelloDRAFTINTERIMACCEPTEDACCEPTEDCRITICAL PATCH UPDATE JULY 2013Sun Solaris 10Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 allows remote attackers to affect integrity and availability via vectors related to SMF/File Locking Services.Merryl DMelloDRAFTINTERIMACCEPTEDACCEPTEDCRITICAL PATCH UPDATE JANUARY 2013Sun Solaris 10Unspecified vulnerability in Oracle Sun Solaris 9 and 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Utility/Umount.Merryl DMelloDRAFTINTERIMACCEPTEDACCEPTEDCRITICAL PATCH UPDATE JULY 2013Sun Solaris 10Unspecified vulnerability in Oracle Solaris 10 and 11 allows remote attackers to affect availability via unknown vectors related to Kernel.Merryl DMelloDRAFTINTERIMACCEPTEDACCEPTEDCRITICAL PATCH UPDATE APRIL 2013Sun Solaris 10Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect integrity via unknown vectors via vectors related to Kernel/IPsec.Merryl DMelloDRAFTINTERIMACCEPTEDACCEPTEDCRITICAL PATCH UPDATE JULY 2013Sun Solaris 10Unspecified vulnerability in Oracle Solaris 10 allows remote attackers to affect confidentiality and integrity via vectors related to Libraries/PAM-Unix.Merryl DMelloDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerability With NIS server ypserv(1M) May Allow a Denial of Service (DoS) to OccurSun Solaris 8Sun Solaris 9Sun Solaris 10Unspecified vulnerability in NIS server on Sun Solaris 8, 9, and 10 allows local and remote attackers to cause a denial of service (ypserv hang) via unknown vectors.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDCRITICAL PATCH UPDATE OCTOBER 2011Sun Solaris 10Unspecified vulnerability in Oracle Solaris 10 allows local users to affect availability, related to ZFS.Merryl DMelloDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerability in Sun Remote Services (SRS) Net Connect SoftwareSun Solaris 8Sun Solaris 9Sun Solaris 10srsexec in Sun Remote Services (SRS) Net Connect Software Proxy Core package in Sun Solaris 10 does not enforce file permissions when opening files, which allows local users to read the first line of arbitrary files via the -d and -v options.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDCRITICAL PATCH UPDATE APRIL 2013Sun Solaris 10Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows local users to affect availability via unknown vectors related to Utility.Merryl DMelloDRAFTINTERIMACCEPTEDACCEPTEDCRITICAL PATCH UPDATE APRIL 2013Sun Solaris 10Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Kernel/Boot.Merryl DMelloDRAFTINTERIMACCEPTEDACCEPTEDCRITICAL PATCH UPDATE APRIL 2013Sun Solaris 10Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect availability via unknown vectors related to Kernel.Merryl DMelloDRAFTINTERIMACCEPTEDACCEPTEDCRITICAL PATCH UPDATE JULY 2011Sun Solaris 10Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows local users to affect availability, related to UFS.Merryl DMelloDRAFTINTERIMACCEPTEDACCEPTEDCRITICAL PATCH UPDATE APRIL 2013Sun Solaris 10Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect availability via unknown vectors related to Kernel/IO, a different vulnerability than CVE-2013-1498.Merryl DMelloDRAFTINTERIMACCEPTEDACCEPTEDCRITICAL PATCH UPDATE OCTOBER 2012Sun Solaris 10Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect availability via unknown vectors related to Kernel/System Call.Merryl DMelloDRAFTINTERIMACCEPTEDACCEPTEDCRITICAL PATCH UPDATE JANUARY 2012Sun Solaris 10Unspecified vulnerability in Oracle Solaris 9, 10, and 11 Express allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Kerberos.Merryl DMelloDRAFTINTERIMACCEPTEDACCEPTEDCRITICAL PATCH UPDATE OCTOBER 2011Sun Solaris 10Unspecified vulnerability in Oracle Solaris 10 allows remote attackers to affect confidentiality, related to Network Services Library (libnsl).Merryl DMelloDRAFTINTERIMACCEPTEDACCEPTEDCRITICAL PATCH UPDATE APRIL 2013Sun Solaris 10Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect availability via vectors related to CPU performance counters drivers.Merryl DMelloDRAFTINTERIMACCEPTEDACCEPTEDCRITICAL PATCH UPDATE JULY 2011Sun Solaris 10Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows remote authenticated users to affect availability, related to TCP/IP.Merryl DMelloDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerabilities in Solaris ld.so.1(1) may Lead to Execution of Arbitrary Code with Elevated PrivilegesSun Solaris 8Sun Solaris 9Sun Solaris 10Stack-based buffer overflow in ld.so.1 in Sun Solaris 8, 9, and 10 allows local users to execute arbitrary code via large precision padding values in a format string specifier in the format parameter of the doprf function. NOTE: this issue normally does not cross privilege boundaries, except in cases of external introduction of malicious message files, or if it is leveraged with other vulnerabilities such as CVE-2006-6494.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDCRITICAL PATCH UPDATE JULY 2013Sun Solaris 10Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 allows remote attackers to affect confidentiality via unknown vectors related to Utility/Remote Execution Server (in.rexecd).Merryl DMelloDRAFTINTERIMACCEPTEDACCEPTEDCRITICAL PATCH UPDATE APRIL 2011Sun Solaris 10Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows local users to affect availability, related to Kernel/SPARC.Merryl DMelloDRAFTINTERIMACCEPTEDACCEPTEDCRITICAL PATCH UPDATE APRIL 2011Sun Solaris 10Unspecified vulnerability in Oracle Solaris 10, and 11 Express allows remote attackers to affect availability via unknown vectors related to Kernel.Merryl DMelloDRAFTINTERIMACCEPTEDACCEPTEDCRITICAL PATCH UPDATE OCTOBER 2013Sun Solaris 10Unspecified vulnerability in Oracle Solaris 10 and 11.1 allows local users to affect availability via vectors related to CPU performance counters (CPC) drivers.Merryl DMelloDRAFTINTERIMACCEPTEDACCEPTEDCRITICAL PATCH UPDATE OCTOBER 2013Sun Solaris 10Unspecified vulnerability in Oracle Solaris 10 and 11.1 allows local users to affect availability via vectors related to USB hub driver.Merryl DMelloDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerability in Solaris 10 Link Aggregation may Allow Local Users Total Access to Network PacketsSun Solaris 10Sun Solaris 10 before patch 118855-16 (20060925), when run on x64 systems using IPv6, allows remote attackers to cause a denial of service (kernel panic) via crafted IPv6 packets.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerabilities in the Solaris Trusted Extensions "labeld" Service May Lead to a Denial of Service (DoS) ConditionSun Solaris 10Multiple unspecified vulnerabilities in labeld in Trusted Extensions in Sun Solaris 10 allow local users to cause a denial of service (multiple application hang) via unspecified vectors.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDCRITICAL PATCH UPDATE JULY 2012Sun Solaris 10The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress.Merryl DMelloDRAFTINTERIMACCEPTEDACCEPTEDCRITICAL PATCH UPDATE OCTOBER 2011Sun Solaris 10Unspecified vulnerability in Oracle Solaris 10 allows local users to affect availability, related to DTrace Software Library (libdtrace).Merryl DMelloDRAFTINTERIMACCEPTEDACCEPTEDCRITICAL PATCH UPDATE JULY 2011Sun Solaris 10Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows remote attackers to affect availability via unknown vectors related to fingerd.Merryl DMelloDRAFTINTERIMACCEPTEDACCEPTEDCRITICAL PATCH UPDATE OCTOBER 2012Sun Solaris 10Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Gnome Trusted Extension.Merryl DMelloDRAFTINTERIMACCEPTEDACCEPTEDCRITICAL PATCH UPDATE APRIL 2013Sun Solaris 10Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows local users to affect integrity and availability via unknown vectors related to Utility/pax.Merryl DMelloDRAFTINTERIMACCEPTEDACCEPTEDCRITICAL PATCH UPDATE OCTOBER 2011Sun Solaris 10Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows remote authenticated users to affect availability, related to ZFS.Merryl DMelloDRAFTINTERIMACCEPTEDACCEPTEDCRITICAL PATCH UPDATE JULY 2012Sun Solaris 10Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect availability, related to SCTP.Merryl DMelloDRAFTINTERIMACCEPTEDACCEPTEDCRITICAL PATCH UPDATE JULY 2012Sun Solaris 10Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to mailx.Merryl DMelloDRAFTINTERIMACCEPTEDACCEPTEDCRITICAL PATCH UPDATE JULY 2013Sun Solaris 10Unspecified vulnerability in Oracle Solaris 9, 10, and 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Kernel.Merryl DMelloDRAFTINTERIMACCEPTEDACCEPTEDCRITICAL PATCH UPDATE APRIL 2013Sun Solaris 10Unspecified vulnerability in Oracle Sun Solaris 8, 9, and 10 allows local users to affect confidentiality, integrity, and availability via vectors related to RBAC Configuration.Merryl DMelloDRAFTINTERIMACCEPTEDACCEPTEDA Security Vulnerability in How xscreensaver(1) Interacts With GNOME Assistive Technology May Allow Arbitrary Command ExecutionSun Solaris 10xscreensaver in Sun Solaris 10 before 20070604, when a GNOME session with Assistive Technology support is running, allows attackers with physical access to take control of the session after entering an Alt-Tab sequence.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerability in the Netscape Portable Runtime (NSPR) API Affects SolarisSun Solaris 10The Netscape Portable Runtime (NSPR) API 4.6.1 and 4.6.2, as used in Sun Solaris 10, trusts user-specified environment variables for specifying log files even when running from setuid programs, which allows local users to create or overwrite arbitrary files.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDMultiple vulnerabilities in libfreetype, Xsun(1) and Xorg(1)Sun Solaris 8Sun Solaris 9Sun Solaris 10Integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org libXfont before 20070403 and (2) freetype 2.3.2 and earlier allows remote authenticated users to execute arbitrary code via crafted BDF fonts, which result in a heap overflow.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDBuffer Overflow Vulnerability in libX11Sun Solaris 8Sun Solaris 9Sun Solaris 10Buffer overflow in the Strcmp function in the XKEYBOARD extension in X Window System X11R6.4 and earlier, as used in SCO UnixWare 7.1.3 and Sun Solaris 8 through 10, allows local users to gain privileges via a long _XKB_CHARSET environment variable value.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerability in the rcp(1) Command May Allow Execution of Unintended CommandsSun Solaris 8Sun Solaris 9Sun Solaris 10rcp on Sun Solaris 8, 9, and 10 before 20070710 does not properly call certain helper applications, which allows local users to gain privileges by creating files with certain names, possibly containing shell metacharacters or spaces, a similar issue to CVE-2006-0225.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerability in X Display Manager (xdm(1)) Xsession ScriptSun Solaris 8Sun Solaris 9Sun Solaris 10Race condition in the Xsession script, as used by X Display Manager (xdm) in NetBSD before 20060212, X.Org before 20060225, and Solaris 8 through 10 before 20061006, causes a user's Xsession errors file to have weak permissions before a chmod is performed, which allows local users to read Xsession errors files of other users.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerability in the Kerberos Administration Daemon (kadmind(1M)) May Lead to Arbitrary Code ExecutionSun Solaris 9Sun Solaris 10Stack-based buffer overflow in the rename_principal_2_svc function in kadmind for MIT Kerberos 1.5.3, 1.6.1, and other versions allows remote authenticated users to execute arbitrary code via a crafted request to rename a principal.Nicholas HansenDRAFTINTERIMACCEPTEDNicholas HansenINTERIMACCEPTEDACCEPTEDSun Solaris Gzip Race condition and Directory Traversal IssuesSun Solaris 8Sun Solaris 9Sun Solaris 10gzipDirectory traversal vulnerability in gunzip -N in gzip 1.2.4 through 1.3.5 allows remote attackers to write to arbitrary directories via a .. (dot dot) in the original filename within a compressed file.Robert L. HollisDRAFTINTERIMACCEPTEDNabil OuchnINTERIMACCEPTEDPai PengINTERIMACCEPTEDACCEPTEDX.Org Privilege Escalation Vulnerability in X11R6.9, X11R7.0Sun Solaris 10X.Org server (xorg-server) 1.0.0 and later, X11R6.9.0, and X11R7.0 inadvertently treats the address of the geteuid function as if it is the return value of a call to geteuid, which allows local users to bypass intended restrictions and (1) execute arbitrary code via the -modulepath command line option or (2) overwrite arbitrary files via -logfile.Robert L. HollisDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDSecurity Vulnerability in libX11 for SolarisSun Solaris 8Sun Solaris 9Sun Solaris 10Multiple integer overflows in (1) the XGetPixel function in ImUtil.c in X.Org libx11 before 1.0.3, and (2) XInitImage function in xwd.c for ImageMagick, allow user-assisted remote attackers to cause a denial of service (crash) or obtain sensitive information via crafted images with large or negative values that trigger a buffer overflow.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerability in the Logging Mechanism for Solaris Management Console (SMC) May Lead to Escalation of PrivilegesSun Solaris 8Sun Solaris 9Sun Solaris 10Unspecified vulnerability in the logging mechanism in Solaris Management Console (SMC) on Sun Solaris 8 through 10 before 20070605 allows remote attackers to execute arbitrary code via unspecified vectors, related to the WBEM server.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerability Relating to the acl(2) System Call May Allow Denial of Service (DoS) to the SystemSun Solaris 10Integer signedness error in the acl (facl) system call in Solaris 10 before 20070507 allows local users to cause a denial of service (kernel panic) and possibly gain privileges via a certain argument, related to ACE_SETACL.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerability With RSA Signature Affects Solaris Applications Utilizing the libike LibrarySun Solaris 9Sun Solaris 10The libike library, as used by in.iked, elfsign, and kcfd in Sun Solaris 9 and 10, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents libike from correctly verifying X.509 and other certificates that use PKCS #1, a similar issue to CVE-2006-4339.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDCD Drive DoS VulnerabilitySun Solaris 8Sun Solaris 9Sun Solaris 10Unspecified vulnerability in the hsfs filesystem in Solaris 8, 9, and 10 allows unspecified attackers to cause a denial of service (panic) or execute arbitrary code.Robert L. HollisDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDA Security Vulnerability in the Solaris Kernel May Allow a Denial of Service (DoS) Condition to OccurSun Solaris 8Sun Solaris 9Sun Solaris 10Race condition in the kernel in Sun Solaris 8 through 10 allows local users to cause a denial of service (panic) via unspecified vectors, possibly related to the exitlwps function and SIGKILL and /proc PCAGENT signals.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDpagedata Subsystem Local DoS VulnerabilitySun Solaris 8Sun Solaris 9Sun Solaris 10Unspecified vulnerability in the pagedata subsystem of the process file system (/proc) in Solaris 8 through 10 allows local users to cause a denial of service (system hang or panic) via unknown attack vectors that cause cause the kmem_oversize arena to allocate a large amount of system memory that does not get freed.Robert L. HollisDRAFTINTERIMACCEPTEDNabil OuchnINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDSolaris 10 find on /proc panic DoS VulnerabilitySun Solaris 10Unspecified vulnerability in Sun Solaris 10 allows local users to cause a denial of service (null dereference) via unspecified vectors involving the use of the find command on the "/proc" filesystem. NOTE: due to the vagueness of the vendor advisory, it is not clear whether this is related to CVE-2005-3250.Robert L. HollisDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDKerberos Command Execution Vulnerability rexec DaemonSun Solaris 10XUnspecified vulnerability in in.rexecd in Solaris 10 allows local users to gain privileges on Kerberos systems via unknown attack vectors.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDSMC TRACE HTTP VulnerabilitySun Solaris 8Sun Solaris 9Sun Solaris 10Solaris Management ConsoleThe default configuration of the web server for the Solaris Management Console (SMC) in Solaris 8, 9, and 10 enables the HTTP TRACE method, which could allow remote attackers to obtain sensitive information such as cookies and authentication data from HTTP headers.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerability in IPv6 Implementation (ip6(7p)) Related to the Handling of IPsec Packets may Lead to a System Panic, Resulting in a Denial of Service (DoS)Sun Solaris 10Unspecified vulnerability in Sun Solaris 10 before 20070614, when IPv6 interfaces are present but not configured for IPsec, allows remote attackers to cause a denial of service (system crash) via certain network traffic.Nicholas HansenDRAFTINTERIMACCEPTEDACCEPTEDSolaris Hosts are Vulnerable to a Denial of Service Induced by an Internet Transmission Control Protocol (TCP) "ACK Storm"Sun Solaris 8Sun Solaris 9Sun Solaris 10The TCP implementation in Sun Solaris 8, 9, and 10 before 20060726 allows remote attackers to cause a denial of service (resource exhaustion) via a TCP packet with an incorrect sequence number, which triggers an ACK storm.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDA Security Vulnerability in the Solaris 10 Loopback FileSystem (LOFS) May Allow Files in a Non-global Zone to be Moved or Renamed From a Read-Only FileystemSun Solaris 10The Loopback Filesystem (LOFS) in Sun Solaris 10 allows local users in a non-global zone to move and rename files in a read-only filesystem, which could lead to a denial of service.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerability in the Authentication Mechanism for Solaris Management Console (SMC) May Lead to Escalation of PrivilegesSun Solaris 8Sun Solaris 9Sun Solaris 10Unspecified vulnerability in the authentication mechanism in Solaris Management Console (SMC) on Sun Solaris 8 through 10 before 20070605 allows remote authenticated users to execute arbitrary code via unspecified vectors, related to the WBEM server.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDMultiple vulnerabilities in libfreetype, Xsun(1) and Xorg(1)Sun Solaris 8Sun Solaris 9Sun Solaris 10Integer overflow in the FontFileInitTable function in X.Org libXfont before 20070403 allows remote authenticated users to execute arbitrary code via a long first line in the fonts.dir file, which results in a heap overflow.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDSolaris 8 (x86) is installedSun Solaris 8The operating system installed on the system is Sun Solaris 8 for x86.Jonathan BakerDRAFTINTERIMACCEPTEDACCEPTEDSolaris 8 (SPARC) is installedSun Solaris 8The operating system installed on the system is Sun Solaris 8 for SPARC.Jonathan BakerDRAFTINTERIMACCEPTEDACCEPTEDFormat string vulnerability in Sun Java Web ConsoleSun Solaris 10Format string vulnerability in libwebconsole_services.so in Sun Java Web Console 2.2.2 through 2.2.5 allows remote attackers to cause a denial of service (application crash), obtain sensitive information, and possibly execute arbitrary code via unspecified vectors during a failed login attempt, related to syslog.Pai PengDRAFTINTERIMACCEPTEDPai PengINTERIMACCEPTEDACCEPTEDA Security Vulnerability in Solaris 10 ICMP Handling May Allow a SystemPanic and Result in Denial of Service (DoS)Sun Solaris 10Unspecified vulnerability in Sun Solaris 10 before 20070130 allows remote attackers to cause a denial of service (system crash) via certain ICMP packets.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerability in the sshd(1M) Protocol Version 1 Implementation May Allow a Denial of Service to the HostSun Solaris 9Sun Solaris 10sshd in OpenSSH before 4.4, when using the version 1 SSH protocol, allows remote attackers to cause a denial of service (CPU consumption) via an SSH packet that contains duplicate blocks, which is not properly handled by the CRC compensation attack detector.Yuzheng ZhouDRAFTINTERIMACCEPTEDACCEPTEDDeprecated in favor of oval:org.mitre.oval:def:219.Sun Solaris 10Operating SystemUnspecified vulnerability in the kernel processing in Solaris 10 64 bit platform, when running in 64-bit mode, allows local users to cause a denial of service (system panic) via unknown attack vectors.Robert L. HollisDRAFTINTERIMACCEPTEDMatthew WojcikDEPRECATEDDEPRECATEDSecurity Vulnerability in the Transport Layer Security (TLS) and Secure Sockets Layer 3.0 (SSLv3) Protocols Involving Handshake Renegotiation Affects OpenSSLSun Solaris 10The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.Chandan M CDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerability Relating to scp(1) Command May Allow Attackers to Execute Arbitrary CommandsSun Solaris 9Sun Solaris 10scp in OpenSSH 4.2p1 allows attackers to execute arbitrary commands via filenames that contain shell metacharacters or spaces, which are expanded twice.Yuzheng ZhouDRAFTINTERIMACCEPTEDJerome AthiasINTERIMACCEPTEDACCEPTEDSolaris 9 (x86) is installedSun Solaris 9The operating system installed on the system is Sun Solaris 9 for x86.Jonathan BakerDRAFTINTERIMACCEPTEDACCEPTEDSolaris 9 (SPARC) is installedSun Solaris 9The operating system installed on the system is Sun Solaris 9 for SPARC.Jonathan BakerDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerability in Solaris 10 NFS XDR Handling May Allow a Denial of Service to NFS ServersSun Solaris 10Unspecified vulnerability in the NFS server in Sun Solaris 10 before 20070613 allows remote attackers to cause a denial of service (system crash) via certain XDR data in NFS requests, probably related to processing of data by the xdr_bool and xdrmblk_getint32 functions.Nicholas HansenDRAFTINTERIMACCEPTEDACCEPTEDSolaris 10 (x86) is installedSun Solaris 10The operating system installed on the system is Sun Solaris 10 for x86.Jonathan BakerDRAFTINTERIMACCEPTEDACCEPTEDSolaris 10 (SPARC) is installedSun Solaris 10The operating system installed on the system is Sun Solaris 10 for SPARC.Jonathan BakerDRAFTINTERIMACCEPTEDACCEPTEDPerl Format String Integer Overflow VulnerabilitySun Solaris 10PerlInteger overflow in the format string functionality (Perl_sv_vcatpvfn) in Perl 5.9.2 and 5.8.6 Perl allows attackers to overwrite arbitrary memory and possibly execute arbitrary code via format string specifiers with large values, which causes an integer wrap and leads to a buffer overflow, as demonstrated using format string vulnerabilities in Perl applications.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDSolaris Xsun Privilege Escalation via Pixmaps VulnerabilitySun Solaris 8Sun Solaris 9Sun Solaris 10XMultiple integer overflows in XFree86 before 4.3.0 allow user-assisted attackers to execute arbitrary code via a crafted pixmap image.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDlibtiff Directory Entry Count Integer Overflow VulnerabilitySun Solaris 7Sun Solaris 8Sun Solaris 9Sun Solaris 10libtiffInteger overflow in (1) tif_dirread.c and (2) tif_fax3.c for libtiff 3.5.7 and 3.7.0 allows remote attackers to execute arbitrary code via a TIFF file containing a TIFF_ASCII or TIFF_UNDEFINED directory entry with a -1 entry count, which leads to a heap-based buffer overflow.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDlibtiff Malloc Error Denial of ServiceSun Solaris 7Sun Solaris 8Sun Solaris 9Sun Solaris 10libtiffMultiple integer overflows in libtiff 3.6.1 and earlier allow remote attackers to cause a denial of service (crash or memory corruption) via TIFF images that lead to incorrect malloc calls.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDlibtiff tif_dirread divide-by-zero Denial of ServiceSun Solaris 7Sun Solaris 8Sun Solaris 9Sun Solaris 10libtiffVulnerability in tif_dirread.c for libtiff allows remote attackers to cause a denial of service (application crash) via a TIFF image that causes a divide-by-zero error when the number of row bytes is zero, a different vulnerability than CVE-2005-2452.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDlibtiff RLE Decoder Buffer Overflow VulnerabilitiesSun Solaris 7Sun Solaris 8Sun Solaris 9Sun Solaris 10libtiffMultiple vulnerabilities in the RLE (run length encoding) decoders for libtiff 3.6.1 and earlier, related to buffer overflows and integer overflows, allow remote attackers to execute arbitrary code via TIFF files.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDRough translation of the Sun recommended test of: % grep default_realm /etc/krb5/krb5.conf | grep -v ___default_realm___ default_realm = EXAMPLE.COM118908
112785
119059
/usr/openwin/binXprt119060
112786
108652
108653
/usr/openwin/binXsun^.*kssl.*121475
121474
125101
125100
109324
118535
121004
109325
118536
121005
125101
118855
125100
118833
143502
01143503
01/etc/apache2httpd.confPerlResponseHandler.+ModPerl::PerlRunsvc:/network/http:apache2120544
15120543
15119067
119060
112786
119059
119068
112785
143511
01143510
01123373
123372
124970
124245
124969
124244
141501
07141500
06/etc/krb5krb5.conf^[^#_]*default_realm[^=]*=[^_]*$119211
22119212
22119213
21SUNWtls119214
21119209
22143506
01143507
01SUNWPython118191
04118192
04139100
03139099
03125333
08125332
08120739
06120740
06138889
01138888
01120955
119783
14119784
14112837
21114265
20119784
15/etcnamed.conftrusted\-keys119783
15125833
05SUNWessrv139613
01143314
02120095
25120461
16125533
15122470
03119907
15120094
25122212
36122471
03119906
15120460
16122213
36125534
15112234
117172
143913
01127128
11125533
14125534
14120094
28120094
27120095
29120095
27120094
29120095
28109320
109321
113329
114890
120467
120468
^/etc/lp/printers/.*127127
11141445
09127128
11141444
09126364
08svc:/system/labeld:default126363
08141414
141415
125015
125014
120011
141021
141020
120012
svc:/network/ipfilter:default120272
120273
SUNWsmagtsvc:/application/management/sma:default141415
141414
112960
114242
128624
140917
rpc\.nisd128625
140918
svc:/network/rpc/nisplus:defaultsvc:/application/database/postgresql138827
138826
SUNWpostgr-83SUNWpostgr-82123590
136999
136998
123591
SUNWpostgr114014
125732
114015
125731
141008
141009
138896
140837
138897
140838
141014
141015
krb5_prop138371
138372
140922
140921
122301
/etcsystem^[^*].+c2audit122300
139555
139556
119346
SUNWsasl115343
115328
115342
119345
114435
113451
/etc/inet/ikeconfig140196
140414
114344
119435
138889
138888
126133
/etc/sshsshd_config^\s*X11Forwarding\s+no\s*114357
114356
/etc/sshsshd_config^\s*X11Forwarding\s+yes\s*126134
^.*sshd.*140383
140384
113685
140427
113686
140426
116966
138889
116965
114344
138888
119435
112785
119067
119059
119068
119060
112786
139099
128624
139560
116053
113318
128625
autofs139561
138889
138888
114265
/usr/sbin/in.named112837
109327
109326
119784
119783
139459
138863
122213
122212
141414
141415
116479
113031
120831
120830
110904
110903
114016
122911
SUNWtcatr114017
122912
.*Xorg\b.*115158
SUNWxwsvr120095
120094
115299
115159
115298
109077
112837
109078
114265
138876
138877
115168
112908
109806
139479
109805
139478
121775
122212
122213
137112
137111
138882
116669
138574
138632
141414
122300
127722
127721
141415
122301
138876
109077
114265
109078
138877
svc:/network/dhcp-server:default112837
139498
139499
117351
139484
139483
122300
117350
/etcmnttab^[^\t]+\t[^\t]+\tufs\t(.+)122301
136717
114984
114971
114985
138570
136716
141733
141734
120413
SUNWtleu120414
120415
SUNWhleu2120412
SUNWkleuSUNWhkleuSUNWcleu2124420
119812
116106
124421
116105
119813
114344
116966
118822
116965
118844
119435
139390
127127
127128
139391
127111
127112
123402
123403
115553
115554
122301
117350
137111
122300
137112
117351
120011
120012
137112
137111
/etcsystemset\s+snooping\s*=\s*1\s114678
119810
114677
119811
138372
138371
112237
115168
112908
112238
112240
112390
127112
127111
112785
119060
125719
119059
119068
119067
118908
125720
112786
/usr/openwin/binXsun127719
127718
/var/tmpinetd.log127744
120012
120011
127743
127112
127111
108965
112915
138083
108964
114262
138084
113329
109321
127128
114980
109320
127127
139100
114014
125731
125732
114015
118833
118855
125251
125252
127127
127128
137111
137112
122301
127111
116965
119435
127112
116966
114344
121095
121096
137017
137018
109008
109007
122301
122300
117470
116966
116965
118822
118305
118562
121230
121229
118563
113073
118559
113026
122371
113994
126257
124256
116669
112238
SUNWCryr112390
115168
112237
120469
112240
112537
120470
112908
112536
SUNWCry120954
SUNWamsvc118855
127111
118833
127112
126661
126662
126929
126928
113318
117468
127112
122301
117351
117350
127111
122300
119255
119254
150400
26148628
02148627
02148310
06148309
06150401
24150400
24150832
08150833
08148769
02148768
02136894
02136893
02150400
23150401
23150837
01150836
01125907
02147440
07147441
07150120
03150119
03148404
01148403
01147441
23147440
23150400
10150401
10150401
10150400
10150401
10150400
10150837
01150836
01141897
10141596
10126119
02126120
02126546
06126547
06150114
02150113
02123896
77123893
77150401
13151355
01149075
01149076
01151145
01150401
11150400
11150158
01150157
01147673
08147674
08150401
06150400
06SUNWbind119784
119783
122301
117351
117350
125100
125101
122300
120068
120069
118844
149646
02149647
02109025
118844
117350
117351
118822
109026
122301
122300
127738
127737
117472
109454
109455
117471
113072
114423
108975
118997
108976
120037
126374
112960
120036
126373
114242
119999
119998
114344
119435
119075
119076
/etcsystem^\s*set\s+c2audit.*=\s*1127112
127111
124998
124997
123368
111505
111504
123369
121288
121289
^.*inetd.*115553
115554
125124
125123
109896
113241
125279
125280
109354
109355
113240
119254
119255
127751
114154
117419
144488
05144489
05137097
02137098
02146486
04147440
16147441
16147713
01147714
01145125
02145125
01145124
01145124
02146835
02146834
02148625
01148626
01121429
15121428
15140388
02140387
02144489
15144488
15145199
01145198
01143559
10145802
06144488
09144489
09147182
01147183
01145802
06143559
10148601
01148602
01144489
05144488
05127872
02127873
02144536
01144537
01143559
08145802
04145962
02145961
02147435
01147434
01144489
11144488
11144500
01144501
01144488
05144489
05147440
25147440
02147441
02148165
02148166
02144328
02144327
02144501
14148949
01148948
01144488
12144489
12147440
02147441
02144488
04144489
04148955
01120740
08120739
08144489
16144488
16147716
02147715
02147266
01147267
01120544
27120543
27147440
06147441
06144489
14144488
14147441
04147440
04145044
03145045
03147155
02147440
25144053
04144054
04141105
04147673
03141104
04147674
03147440
23147441
23147434
01147435
01116960
113318
117468
116959
124259
124258
147440
12147441
12147440
02147441
02149192
01149191
01146280
01146279
01149163
01149164
01124939
05124939
05119254
80119255
80148601
01148602
01147147
26147148
26144488
05144489
05150124
01150123
01150401
01147440
21147148
26147147
26147440
26147441
26148566
01148565
01150618
02150619
02138623
04138624
04119783
24119784
24149454
02149453
02119314
42119313
41148383
01148384
01144500
01144501
01147715
04147716
04127112
127111
147147
26147148
26147441
15147440
15148407
01148408
01147441
23147440
23147441
22146018
01124394
11124393
11147674
06147673
06148242
02148241
02148407
01148408
01148889
03148888
03147148
26147147
26148693
01148694
01109329
122078
123186
114342
113579
109328
144501
01144500
01123870
SUNWsrspx125713
148768
01148769
01148113
02148112
02150118
01150117
01146803
02146802
02149165
01149166
01147441
24147440
24144891
02144892
02144500
05146329
02147147
26147148
26145796
01145797
01124922
113986
112963
109147
109148
124923
148975
01148976
01144488
08144489
08144488
08150400
03150401
03149639
02149638
02126449
126448
144489
06144488
06141591
02141590
02146674
01146673
01125534
17125533
17148028
03148027
03144500
12144501
13147440
15147441
15148870
01148871
01148888
01148889
01148027
03148028
03120095
120094
119213
119214
119813
119812
116106
124421
124420
116105
112785
112786
119067
119059
119068
119060
125794
121132
114717
114669
114716
114670
110671
110670
111845
124830
124457
124831
124458
111844
SUNWkr5ma.*kadmind112669
112668
116341
116340
120720
120719
118966
112785
112786
119067
119059
119060
119068
125101
125100
118372
114435
113451
118371
109764
116047
119596
109765
121995
118813
121316
123703
117350
116960
117125
120884
118558
120662
123704
121317
118559
119439
113278
116959
117351
118822
120661
118844
117350
118558
117351
118559
118822
118844
120329
120330
/etcpam.conf^other.*krb5.*111313
111314
116807
116808
121308
121309
118305
117470
116966
116965
114193
112945
121308
111313
111314
121309
SUNWwbmc125720
112785
119059
112786
124833
119060
119068
119067
121211
121212
/usr/share/webconsoleversion.txt2\.2\.[2345]118833
118855
113273
/etc/sshsshd_config^\s*Protocol\s+123324
/etc/sshsshd_config^\s*Protocol\s+.*1114858
123325
118844
143140
04141525
10145102
01123325
114357
123324
114356
125100
125101
.*nfsd119985
122082
/usr/X11/binXorg108652
112785
119059
108653
112786
119060
.*Xsun\b.*SUNWdtwm118953
118954
109931
109932
114219
SUNWTiffSUNWTiffx114220
119900
119901
02095005truetrue05399382true011009030109030136151017ONLINE27512808620201014\.0,.*4\.0,.*3\.6\.1,.*3\.6\.1,.*11121619171716170303ONLINE090214ONLINE2527ONLINE01655009ONLINEONLINE040610220401ONLINE0542084108071415382613140307060133343701256546114554033409automountd141523060218010204060803152311021621151833190101220102340103020542152101ONLINE16040160\brw\b3403020120080503080732292730282011010801292530055604041505061619341513140663370738090417520506010805110401192011010218040302080410233222113134020226270718192728080213111207020403311211085.713011006012006017\.0,.*7\.0,.*0304020232185001130303054802105.1064^i.*8614074924081106041821201301030402824013502262513260102032915160401093\.2\.3,.*3\.2\.3,.*3\.2\.4,.*3\.2\.4,.*2227424123041104065645020305040303040401011417625126250804060611080603030601030401023014154003193322293322292424020203030202010109100706161712354505095.8036125500224070228151203145.9110312^i.*865.10[Ss][Pp][Aa][Rr][Cc]0102019452088341085.85.95.7sparc^i.*865.100202101011110101