| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-1999-0010 |
|
|
DoS |
1998-04-08 |
2018-10-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Denial of Service vulnerability in BIND 8 Releases via maliciously formatted DNS messages. |
|
2 |
CVE-1999-0015 |
|
|
DoS |
1997-12-16 |
2018-05-03 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Teardrop IP denial of service. |
|
3 |
CVE-1999-0016 |
|
|
DoS |
1997-12-01 |
2008-09-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Land IP denial of service. |
|
4 |
CVE-1999-0019 |
|
|
|
1996-04-24 |
2008-09-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Delete or create a file via rpc.statd, due to invalid information. |
|
5 |
CVE-1999-0024 |
|
|
|
1997-08-13 |
2018-10-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
DNS cache poisoning via BIND, by predictable query IDs. |
|
6 |
CVE-1999-0054 |
|
|
DoS |
1998-06-10 |
2018-10-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Sun's ftpd daemon can be subjected to a denial of service. |
|
7 |
CVE-1999-0104 |
|
|
DoS |
1997-12-16 |
2018-08-22 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
A later variation on the Teardrop IP denial of service attack, a.k.a. Teardrop-2. |
|
8 |
CVE-1999-0125 |
|
|
Overflow |
1998-01-25 |
2018-10-30 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in SGI IRIX mailx program. |
|
9 |
CVE-1999-0128 |
|
|
DoS |
1996-12-18 |
2008-09-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Oversized ICMP ping packets can result in a denial of service, aka Ping o' Death. |
|
10 |
CVE-1999-0129 |
|
|
|
1996-12-03 |
2018-10-30 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Sendmail allows local users to write to a file and gain group permissions via a .forward or :include: file. |
|
11 |
CVE-1999-0143 |
|
|
|
1996-02-21 |
2020-01-21 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Kerberos 4 key servers allow a user to masquerade as another by breaking and generating session keys. |
|
12 |
CVE-1999-0164 |
|
|
|
1995-08-29 |
2008-09-09 |
6.2 |
None |
Local |
High |
Not required |
Complete |
Complete |
Complete |
|
A race condition in the Solaris ps command allows an attacker to overwrite critical files. |
|
13 |
CVE-1999-0167 |
|
|
|
1991-12-06 |
2008-09-09 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
In SunOS, NFS file handles could be guessed, giving unauthorized access to the exported file system. |
|
14 |
CVE-1999-0209 |
|
|
|
1990-08-14 |
2008-09-09 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The SunView (SunTools) selection_svc facility allows remote users to read files. |
|
15 |
CVE-1999-0211 |
|
|
|
1994-02-14 |
2018-10-30 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Extra long export lists over 256 characters in some mount daemons allows NFS directories to be mounted by anyone. |
|
16 |
CVE-1999-0217 |
|
|
|
1997-01-01 |
2008-09-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Malicious option settings in UDP packets could force a reboot in SunOS 4.1.3 systems. |
|
17 |
CVE-1999-0263 |
|
|
|
1998-07-16 |
2018-10-30 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Solaris SUNWadmap can be exploited to obtain root access. |
|
18 |
CVE-1999-0273 |
|
|
DoS |
1998-01-01 |
2018-10-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Denial of service through Solaris 2.5.1 telnet by sending ^D characters. |
|
19 |
CVE-1999-0303 |
|
|
Overflow |
1998-05-21 |
2018-10-30 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in BNU UUCP daemon (uucpd) through long hostnames. |
|
20 |
CVE-1999-0345 |
|
|
DoS |
1997-01-01 |
2008-09-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Jolt ICMP attack causes a denial of service in Windows 95 and Windows NT systems. |
|
21 |
CVE-1999-0370 |
|
|
|
1999-02-10 |
2018-10-30 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
In Sun Solaris and SunOS, man and catman contain vulnerabilities that allow overwriting arbitrary files. |
|
22 |
CVE-1999-0513 |
|
|
DoS |
1998-01-05 |
2018-10-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
ICMP messages to broadcast addresses are allowed, allowing for a Smurf attack that can cause a denial of service. |
|
23 |
CVE-1999-0676 |
|
|
|
1999-08-09 |
2018-10-30 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
sdtcm_convert in Solaris 2.6 allows a local user to overwrite sensitive files via a symlink attack. |
|
24 |
CVE-1999-0786 |
|
|
|
1999-09-22 |
2018-10-30 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
The dynamic linker in Solaris allows a local user to create arbitrary files via the LD_PROFILE environmental variable and a symlink attack. |
|
25 |
CVE-1999-0848 |
|
|
DoS |
1999-11-10 |
2018-10-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Denial of service in BIND named via consuming more than "fdmax" file descriptors. |
|
26 |
CVE-1999-0908 |
|
|
DoS |
1999-09-23 |
2018-10-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Denial of service in Solaris TCP streams driver via a malicious connection that causes the server to panic as a result of recursive calls to mutex_enter. |
|
27 |
CVE-1999-1014 |
|
|
Overflow +Priv |
1999-09-13 |
2018-10-30 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in mail command in Solaris 2.7 and 2.7 allows local users to gain privileges via a long -m argument. |
|
28 |
CVE-1999-1023 |
|
|
|
1999-06-10 |
2018-10-30 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
useradd in Solaris 7.0 does not properly interpret certain date formats as specified in the "-e" (expiration date) argument, which could allow users to login after their accounts have expired. |
|
29 |
CVE-1999-1025 |
|
|
|
1998-11-12 |
2018-10-30 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
CDE screen lock program (screenlock) on Solaris 2.6 does not properly lock an unprivileged user's console session when the host is an NIS+ client, which allows others with physical access to login with any string. |
|
30 |
CVE-1999-1122 |
|
|
+Priv |
1989-07-26 |
2018-05-03 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Vulnerability in restore in SunOS 4.0.3 and earlier allows local users to gain privileges. |
|
31 |
CVE-1999-1258 |
|
|
+Info |
1991-01-15 |
2017-10-10 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
rpc.pwdauthd in SunOS 4.1.1 and earlier does not properly prevent remote access to the daemon, which allows remote attackers to obtain sensitive system information. |
|
32 |
CVE-1999-1388 |
|
|
|
1994-05-13 |
2008-09-05 |
6.2 |
None |
Local |
High |
Not required |
Complete |
Complete |
Complete |
|
passwd in SunOS 4.1.x allows local users to overwrite arbitrary files via a symlink attack and the -F command line argument. |
|
33 |
CVE-1999-1413 |
|
|
|
1996-08-03 |
2018-10-30 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Solaris 2.4 before kernel jumbo patch -35 allows set-gid programs to dump core even if the real user id is not in the set-gid group, which allows local users to overwrite or create files at higher privileges by causing a core dump, e.g. through dmesg. |
|
34 |
CVE-1999-1468 |
|
|
+Priv |
1991-10-22 |
2008-09-10 |
6.2 |
None |
Local |
High |
Not required |
Complete |
Complete |
Complete |
|
rdist in various UNIX systems uses popen to execute sendmail, which allows local users to gain root privileges by modifying the IFS (Internal Field Separator) variable. |
|
35 |
CVE-2000-0030 |
|
|
|
1999-12-22 |
2018-10-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Solaris dmispd dmi_cmd allows local users to fill up restricted disk space by adding files to the /var/dmi/db database. |
|
36 |
CVE-2001-0059 |
|
|
|
2001-02-12 |
2018-10-30 |
6.2 |
None |
Local |
High |
Not required |
Complete |
Complete |
Complete |
|
patchadd in Solaris allows local users to overwrite arbitrary files via a symlink attack. |
|
37 |
CVE-2001-0421 |
|
|
|
2001-07-02 |
2018-10-30 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
None |
Partial |
|
FTP server in Solaris 8 and earlier allows local and remote attackers to cause a core dump in the root directory, possibly with world-readable permissions, by providing a valid username with an invalid password followed by a CWD ~ command, which could release sensitive information such as shadowed passwords, or fill the disk partition. |
|
38 |
CVE-2001-0548 |
|
|
Overflow +Priv |
2001-08-14 |
2018-10-30 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in dtmail in Solaris 2.6 and 7 allows local users to gain privileges via the MAIL environment variable. |
|
39 |
CVE-2001-0565 |
|
|
Overflow +Priv |
2001-08-14 |
2018-10-30 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in mailx in Solaris 8 and earlier allows a local attacker to gain additional privileges via a long '-F' command line option. |
|
40 |
CVE-2001-0594 |
|
|
Overflow +Priv |
2001-08-02 |
2018-10-30 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
kcms_configure as included with Solaris 7 and 8 allows a local attacker to gain additional privileges via a buffer overflow in a command line argument. |
|
41 |
CVE-2001-0595 |
|
|
Exec Code Overflow |
2001-08-02 |
2018-10-30 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in the kcsSUNWIOsolf.so library in Solaris 7 and 8 allows local attackers to execute arbitrary commands via the KCMS_PROFILES environment variable, e.g. as demonstrated using the kcms_configure program. |
|
42 |
CVE-2001-1244 |
|
|
DoS |
2001-07-07 |
2018-10-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Multiple TCP implementations could allow remote attackers to cause a denial of service (bandwidth and CPU exhaustion) by setting the maximum segment size (MSS) to a very small number and requesting large amounts of data, which generates more packets with less TCP-level data that amplify network traffic and consume more server CPU to process. |
|
43 |
CVE-2001-1555 |
|
|
|
2001-12-31 |
2018-10-30 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
pt_chmod in Solaris 8 does not call fdetach to reset terminal privileges when users log out of terminals, which allows local users to write to other users' terminals by modifying the ACL of a TTY. |
|
44 |
CVE-2002-0085 |
|
|
DoS |
2002-03-15 |
2018-10-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
cachefsd in Solaris 2.6, 7, and 8 allows remote attackers to cause a denial of service (crash) via an invalid procedure call in an RPC request. |
|
45 |
CVE-2002-1199 |
|
|
Dir. Trav. |
2002-10-28 |
2018-10-30 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The getdbm procedure in ypxfrd allows local users to read arbitrary files, and remote attackers to read databases outside /var/yp, via a directory traversal and symlink attack on the domain and map arguments. |
|
46 |
CVE-2002-1228 |
|
|
DoS |
2002-10-28 |
2018-10-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Unknown vulnerability in NFS on Solaris 2.5.1 through Solaris 9 allows an NFS client to cause a denial of service by killing the lockd daemon. |
|
47 |
CVE-2002-1323 |
|
|
|
2002-12-11 |
2018-10-30 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Safe.pm 2.0.7 and earlier, when used in Perl 5.8.0 and earlier, may allow attackers to break out of safe compartments in (1) Safe::reval or (2) Safe::rdo using a redefined @_ variable, which is not reset between successive calls. |
|
48 |
CVE-2002-1345 |
|
|
Dir. Trav. |
2002-12-23 |
2018-10-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Directory traversal vulnerabilities in multiple FTP clients on UNIX systems allow remote malicious FTP servers to create or overwrite files as the client user via filenames containing /absolute/path or .. (dot dot) sequences. |
|
49 |
CVE-2002-1585 |
|
|
DoS |
2002-11-08 |
2018-10-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Unknown vulnerability in Solaris 8 for Intel and Solaris 8 and 9 for SPARC allows remote attackers to cause a denial of service via certain packets that cause some network interfaces to stop responding to TCP traffic. |
|
50 |
CVE-2002-1763 |
|
|
|
2002-12-31 |
2018-10-30 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
The dtscreen Sun Solaris 8 CDE screensaver crashes when the "Shift" and "Return" keys are pressed repeatedly and quickly, which allows local users to access the current session. |
