The OVAL Repository5.10.12013-08-03T07:16:21.269-04:00Solaris Xorg Privilege Escalation via Pixmaps VulnerabilitySun Solaris 9Sun Solaris 10XMultiple integer overflows in XFree86 before 4.3.0 allow user-assisted attackers to execute arbitrary code via a crafted pixmap image.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDSolaris Xsun and Xprt Unspecified Local Privilege EscalationSun Solaris 7Sun Solaris 8Sun Solaris 9Sun Solaris 10XsunUnspecified vulnerability in the (1) Xsun and (2) Xprt commands in Solaris 7, 8, 9, and 10 allows local users to execute arbitrary code.Robert L. HollisDRAFTINTERIMACCEPTEDNabil OuchnINTERIMACCEPTEDACCEPTEDSecurity Vulnerabilities in the KSSL Kernel Module May Lead to a System PanicSun Solaris 10Multiple unspecified vulnerabilities in the KSSL kernel module in Sun Solaris 10, when configured with the KSSL proxy, allow remote attackers to cause a denial of service (kernel panic) via unspecified vectors related to "memory buffers" of Secure Socket Layer (SSL) records.Todd DolinskyDRAFTINTERIMACCEPTEDACCEPTEDSolaris 10 Systems May Panic or Hang When Running Certain DTrace D ProgramsSun Solaris 10Unspecified vulnerability in the dynamic tracing framework (DTrace) on Sun Solaris 10 before 20070730 allows local users with PRIV_DTRACE_USER privileges to cause a denial of service (panic or hang) via unspecified use of certain DTrace programs.Todd DolinskyDRAFTINTERIMACCEPTEDACCEPTEDBourne Shell Local-DoS VulnerabilitySun Solaris 8Sun Solaris 9Sun Solaris 10The Bourne shell (sh) in Solaris 8, 9, and 10 allows local users to cause a denial of service (sh crash) via an unspecified attack vector that causes sh processes to crash during creation of temporary files.Robert L. HollisDRAFTINTERIMACCEPTEDPai PengINTERIMACCEPTEDACCEPTEDMultiple Security Vulnerabilities in the Adobe Flash Player for Solaris May Lead to a Denial of Service (DoS) or Arbitrary Code Execution (Adobe Security Bulletin APSB09-19)Sun Solaris 10Heap-based buffer overflow in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allows remote attackers to execute arbitrary code via crafted dimensions of JPEG data in an SWF file.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDA Security Vulnerability in the TCP Loopback/Fusion Code May Lead to a System Hang Resulting in a Denial of Service (DoS)Sun Solaris 10Unspecified vulnerability in the TCP Loopback/Fusion implementation in Sun Solaris 10 allows local users to cause a denial of service (resource exhaustion and service hang) via unspecified vectors.Todd DolinskyDRAFTINTERIMACCEPTEDACCEPTEDMultiple Security Vulnerabilities in the Adobe Flash Player for Solaris May Lead to a Denial of Service (DoS) or Arbitrary Code Execution (Adobe Security Bulletin APSB09-19)Sun Solaris 10Multiple unspecified vulnerabilities in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allow attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerabilities in GNU tar (see gtar(1)) May Lead to Files Being Overwritten, Execution of Arbitrary Code, or a Denial of Service (DoS)Sun Solaris 9Sun Solaris 10Buffer overflow in the safer_name_suffix function in GNU tar has unspecified attack vectors and impact, resulting in a "crashing stack."Pai PengDRAFTINTERIMACCEPTEDACCEPTEDMultiple Buffer and Integer Overflow Vulnerabilities in Python (python(1)) May Lead to a Denial of Service (DoS) or Allow Execution of Arbitrary CodeSun Solaris 10Multiple integer overflows in the imageop module in Python 2.5.1 and earlier allow context-dependent attackers to cause a denial of service (application crash) and possibly obtain sensitive information (memory contents) via crafted arguments to (1) the tovideo method, and unspecified other vectors related to (2) imageop.c, (3) rbgimgmodule.c, and other files, which trigger heap-based buffer overflows.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerabilities in the Apache 2 "mod_perl2" Module Components "Status.pm" May Lead to Denial of Service (DoS) or Unauthorized Access to DataSun Solaris 10Cross-site scripting (XSS) vulnerability in Status.pm in Apache::Status and Apache2::Status in mod_perl1 and mod_perl2 for the Apache HTTP Server, when /perl-status is accessible, allows remote attackers to inject arbitrary web script or HTML via the URI.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDMultiple Buffer and Integer Overflow Vulnerabilities in Python (python(1)) May Lead to a Denial of Service (DoS) or Allow Execution of Arbitrary CodeSun Solaris 10Multiple integer overflows in Python 2.5.2 and earlier allow context-dependent attackers to have an unknown impact via vectors related to the (1) stringobject, (2) unicodeobject, (3) bufferobject, (4) longobject, (5) tupleobject, (6) stropmodule, (7) gcmodule, and (8) mmapmodule modules. NOTE: The expandtabs integer overflows in stringobject and unicodeobject in 2.5.2 are covered by CVE-2008-5031.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDA Security Vulnerability in Solaris Trusted Extensions due to Missing Libraries may Allow Privilege EscalationSun Solaris 10Trusted Extensions in Sun Solaris 10 allows local users to gain privileges via vectors related to omission of unspecified libraries from software updates.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDMultiple Security Vulnerabilities in the Adobe Flash Player for Solaris May Lead to a Denial of Service (DoS) or Arbitrary Code Execution (Adobe Security Bulletin APSB09-19)Sun Solaris 10Adobe Flash Player 10.x before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors that trigger memory corruption.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerabilities in the Apache 2 "mod_perl2" Module Components "PerlRun.pm" May Lead to Denial of Service (DoS) or Unauthorized Access to DataSun Solaris 10PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDA Security Vulnerability in lbxproxy(1) may Allow Unauthorized Read Access to FilesSun Solaris 8Sun Solaris 9Sun Solaris 10Unspecified vulnerability in Low Bandwidth X proxy (lbxproxy) on Sun Solaris 8 through 10 before 20070725 allows local users to read arbitrary files with root group ownership via unknown vectors.Todd DolinskyDRAFTINTERIMACCEPTEDACCEPTEDAn Integer Overflow Vulnerability in GIMP(1) May Lead to Denial of Service (DoS) or Execution of Arbitrary CodeSun Solaris 10Integer overflow in the ReadImage function in plug-ins/file-bmp/bmp-read.c in GIMP 2.6.7 might allow remote attackers to execute arbitrary code via a BMP file with crafted width and height values that trigger a heap-based buffer overflow.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerability in rm(1) may Lead to Unauthorized Deletion of Files or DirectoriesSun Solaris 8Sun Solaris 9Sun Solaris 10Race condition in recursive directory deletion with the (1) -r or (2) -R option in rm in Solaris 8 through 10 before 20070208 allows local users to delete files and directories as the user running rm by moving a low-level directory to a higher level as it is being deleted, which causes rm to chdir to a ".." directory that is higher than expected, possibly up to the root file system, a related issue to CVE-2002-0435.Todd DolinskyDRAFTINTERIMACCEPTEDACCEPTEDMultiple Buffer and Integer Overflow Vulnerabilities in Python (python(1)) May Lead to a Denial of Service (DoS) or Allow Execution of Arbitrary CodeSun Solaris 10Integer signedness error in the zlib extension module in Python 2.5.2 and earlier allows remote attackers to execute arbitrary code via a negative signed integer, which triggers insufficient memory allocation and a buffer overflow.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDMultiple Security Vulnerabilities in the Adobe Flash Player for Solaris May Lead to a Denial of Service (DoS) or Arbitrary Code Execution (Adobe Security Bulletin APSB09-19)Sun Solaris 10Integer overflow in the Verifier::parseExceptionHandlers function in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allows remote attackers to execute arbitrary code via an SWF file with a large exception_count value that triggers memory corruption, related to "generation of ActionScript exception handlers."Pai PengDRAFTINTERIMACCEPTEDACCEPTEDInteger Overflow Security Vulnerability in AES and RC4 Decryption in the Solaris Kerberos Crypto Library May Lead to Execution of Arbitrary Code or a Denial of Service (DoS)Sun Solaris 10Multiple integer underflows in the (1) AES and (2) RC4 decryption functionality in the crypto library in MIT Kerberos 5 (aka krb5) 1.3 through 1.6.3, and 1.7 before 1.7.1, allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code by providing ciphertext with a length that is too short to be valid.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDMultiple Security Vulnerabilities in the Solaris GNOME PDF Rendering Libraries May Lead to a Denial of Service (DoS) or Execution of Arbitrary CodeSun Solaris 10Integer overflow in the ImageStream::ImageStream function in Stream.cc in Xpdf before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, and CUPS pdftops, allows remote attackers to cause a denial of service (application crash) via a crafted PDF document that triggers a NULL pointer dereference or buffer over-read.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerability in the Transport Layer Security (TLS) and Secure Sockets Layer 3.0 (SSLv3) Protocols Involving Handshake Renegotiation Affects Applications Utilizing Network Security Services (NSS)Sun Solaris 8Sun Solaris 9Sun Solaris 10The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDMultiple Security Vulnerabilities in the Adobe Flash Player for Solaris May Lead to a Denial of Service (DoS) or Arbitrary Code Execution (Adobe Security Bulletin APSB09-19)Sun Solaris 10Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors that trigger memory corruption.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDMultiple Security Vulnerabilities in the Solaris GNOME PDF Rendering Libraries May Lead to a Denial of Service (DoS) or Execution of Arbitrary CodeSun Solaris 10Integer overflow in the PSOutputDev::doImageL1Sep function in Xpdf before 3.02pl4, and Poppler 0.x, as used in kdegraphics KPDF, might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDMultiple Buffer and Integer Overflow Vulnerabilities in Python (python(1)) May Lead to a Denial of Service (DoS) or Allow Execution of Arbitrary CodeSun Solaris 10Multiple integer overflows in imageop.c in Python before 2.5.3 allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted images that trigger heap-based buffer overflows. NOTE: this issue is due to an incomplete fix for CVE-2007-4965.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerabilities in GNU tar (see gtar(1)) May Lead to Files Being Overwritten, Execution of Arbitrary Code, or a Denial of Service (DoS)Sun Solaris 9Sun Solaris 10Directory traversal vulnerability in the contains_dot_dot function in src/names.c in GNU tar allows user-assisted remote attackers to overwrite arbitrary files via certain //.. (slash slash dot dot) sequences in directory symlinks in a TAR archive.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDMultiple Security Vulnerabilities in the Adobe Flash Player for Solaris May Lead to a Denial of Service (DoS) or Arbitrary Code Execution (Adobe Security Bulletin APSB09-19)Sun Solaris 10Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors, related to a "data injection vulnerability."Pai PengDRAFTINTERIMACCEPTEDACCEPTEDMultiple Security Vulnerabilities in the Solaris GNOME PDF Rendering Libraries May Lead to a Denial of Service (DoS) or Execution of Arbitrary CodeSun Solaris 10Multiple integer overflows in Poppler 0.10.5 and earlier allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF file, related to (1) glib/poppler-page.cc; (2) ArthurOutputDev.cc, (3) CairoOutputDev.cc, (4) GfxState.cc, (5) JBIG2Stream.cc, (6) PSOutputDev.cc, and (7) SplashOutputDev.cc in poppler/; and (8) SplashBitmap.cc, (9) Splash.cc, and (10) SplashFTFont.cc in splash/. NOTE: this may overlap CVE-2009-0791.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDGNU GZip CHMod File Permission Modification Race ConditionWeaknessSun Solaris 8Sun Solaris 9Sun Solaris 10gzipRace condition in gzip 1.2.4, 1.3.3, and earlier, when decompressing a gzipped file, allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by gzip after the decompression is complete.Robert L. HollisDRAFTINTERIMACCEPTEDNabil OuchnINTERIMACCEPTEDPai PengINTERIMACCEPTEDACCEPTEDSolaris and OpenSolaris products kernel component vulnerabilitySun Solaris 10Unspecified vulnerability in the Solaris component in Oracle Sun Product Suite 10 and OpenSolaris snv_01 through snv_98 allows local users to affect availability via unknown vectors related to the Kernel.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDSun Java System Access Manager Local Authentication Bypass VulnerabilitySun Solaris 10Sun Solaris 9Access ManagerUnspecified vulnerability in Sun Java System Access Manager 7.0 allows local users logged in as "root" to bypass authentication and gain top-level administrator privileges via the amadmin CLI tool.Robert L. HollisDRAFTINTERIMACCEPTEDNabil OuchnINTERIMACCEPTEDACCEPTEDSecurity Vulnerability in BIND DNS Software Shipped With Solaris May Allow DNS Cache PoisoningSun Solaris 9Sun Solaris 10Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P4, 9.5 before 9.5.2-P1, 9.6 before 9.6.1-P2, and 9.7 beta before 9.7.0b3, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query and sending a response that contains an Additional section with crafted data, which is not properly handled when the response is processed "at the same time as requesting DNSSEC records (DO)," aka Bug 20438.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDA vulnerability in the way named(1M) handles recursive client queries may allow a remote unprivileged user to cause named(1M) to return NXDOMAIN (Non-Existent Domain) for Internet hosts thus causing a Denial of Service (DoS) for those hosts to end usersSun Solaris 9Sun Solaris 10ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta does not properly validate DNSSEC (1) NSEC and (2) NSEC3 records, which allows remote attackers to add the Authenticated Data (AD) flag to a forged NXDOMAIN response for an existing domain.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDMIT Kerberos 5 Key Distribution Center Remote Denial of Service VulnerabilitySun Solaris 7Sun Solaris 8Sun Solaris 9Sun Solaris 10KerberosHeap-based buffer overflow in the Key Distribution Center (KDC) in MIT Kerberos 5 (krb5) 1.4.1 and earlier allows remote attackers to cause a denial of service (apllication crash) and possibly execute arbitrary code via a certain valid TCP or UDP request.Robert L. HollisDRAFTINTERIMACCEPTEDNabil OuchnINTERIMACCEPTEDACCEPTEDSun Management Center Product VulnerabilitySun Solaris 10Unspecified vulnerability in the Sun Management Center component in Oracle Sun Product Suite 3.6.1 and 4.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Solaris Container Manager.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDSolaris and OpenSolaris products Trusted Extensions component vulnerabilitySun Solaris 10Unspecified vulnerability in the Solaris component in Oracle Sun Product Suite 10 and OpenSolaris snv_134 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Trusted Extensions.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDSolaris Privilege Escalation/DoS Vulnerability (6293270)Sun Solaris 9Sun Solaris 10Unspecified vulnerability in Sun Solaris 9 and 10 for the x86 platform allows local users to gain privileges or cause a denial of service (panic) via unspecified vectors, possibly involving functions from the mm driver.Robert L. HollisDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDSolaris and OpenSolaris Products /dev/ucode Component VulnerabilitySun Solaris 10The ucode_ioctl function in intel/io/ucode_drv.c in Sun Solaris 10 and OpenSolaris snv_69 through snv_133, when running on x86 architectures, allows local users to cause a denial of service (panic) via a request with a 0 size value to the UCODE_GET_VERSION IOCTL, which triggers a NULL pointer dereference in the ucode_get_rev function, related to retrieval of the microcode revision.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerability in Solaris Trusted Extensions may Prevent XScreenSaver (xscreensaver(1)) From RunningSun Solaris 10Trusted Extensions in Sun Solaris 10 interferes with the operation of the xscreensaver-demo command for the XScreenSaver application, which makes it easier for physically proximate attackers to access an unattended workstation for which the intended screen locking did not occur, related to the "restart daemon."Pai PengDRAFTINTERIMACCEPTEDACCEPTEDA Regression in the Solaris 10 Gnome-XScreenSaver (see xscreensaver(1)) may Allow Pop-up Windows to Appear through XScreenSaver when the Accessibility Feature is OnSun Solaris 10XScreenSaver in Sun Solaris 10, when the accessibility feature is enabled, allows physically proximate attackers to obtain sensitive information by reading popup windows, which are displayed even when the screen is locked, a different vulnerability than CVE-2009-1276 and CVE-2009-2711.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDlpsched Local System Corruption VulnerabilitySun Solaris 8Sun Solaris 9Sun Solaris 10Multiple unspecified vulnerabilities in lpsched in Sun Solaris 8, 9, and 10 allow local users to delete arbitrary files or disable the LP print service via unknown attack vectors.Robert L. HollisDRAFTINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDA security vulnerability in Solaris Sockets Direct Protocol (SDP) driver (sdp(7D)) may allow a local or remote unprivileged user to exhaust all kernel memorySun Solaris 10Memory leak in the Sockets Direct Protocol (SDP) driver in Sun Solaris 10, and OpenSolaris snv_57 through snv_94, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDA Security Weakness in Solaris Trusted Extensions May Facilitate Privilege EscalationSun Solaris 10Unspecified vulnerability in the Solaris Trusted Extensions Policy configuration in Sun Solaris 10, and OpenSolaris snv_37 through snv_125, might allow remote attackers to execute arbitrary code by leveraging access to the X server.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerability in Solaris pollwakeup(9F) May Allow an Unprivileged User to Panic the SystemSun Solaris 10Unspecified vulnerability in the pollwakeup function in Sun Solaris 10, and OpenSolaris before snv_51, allows local users to cause a denial of service (panic) via unknown vectors.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDA Security Vulnerability in the Solaris IP Filter (ipf(5)) May Lead to a Denial of Service (DoS) ConditionSun Solaris 10Use-after-free vulnerability in the frpr_icmp function in the ipfilter (aka IP Filter) subsystem in Sun Solaris 10, and OpenSolaris snv_45 through snv_110, allows remote attackers to cause a denial of service (panic) via unspecified vectors.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerability in the SNMP daemon (snmpd(1M)) May Lead to a Denial of Service (DoS) ConditionSun Solaris 10Integer overflow in the netsnmp_create_subtree_cache function in agent/snmp_agent.c in net-snmp 5.4 before 5.4.2.1, 5.3 before 5.3.2.3, and 5.2 before 5.2.5.1 allows remote attackers to cause a denial of service (crash) via a crafted SNMP GETBULK request, which triggers a heap-based buffer overflow, related to the number of responses or repeats.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDA Security Vulnerability in the Solaris SCTP Packet Processing may Lead to a System Panic Resulting in a Denial of Service (DoS)Sun Solaris 10Unspecified vulnerability in the SCTP implementation in Sun Solaris 10, and OpenSolaris before snv_120, allows remote attackers to cause a denial of service (panic) via unspecified packets.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDA Security Vulnerability in the Solaris rpc.nisd(1M) Daemon may Cause a Denial of Service (DoS) Condition to a NIS+ ServerSun Solaris 8Sun Solaris 9Sun Solaris 10Unspecified vulnerability in rpc.nisd in Sun Solaris 8 through 10, and OpenSolaris before snv_104, allows remote authenticated users to cause a denial of service (NIS+ daemon hang) via unspecified vectors related to NIS+ callbacks.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerability in PostgreSQL Shipped with Solaris may Allow a Denial of Service (DoS)Sun Solaris 10PostgreSQL before 8.3.7, 8.2.13, 8.1.17, 8.0.21, and 7.4.25 allows remote authenticated users to cause a denial of service (stack consumption and crash) by triggering a failure in the conversion of a localized error message to a client-specified encoding, as demonstrated using mismatched encoding conversion requests.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerabilities in the libxml2 Library Routines xmlBufferResize() May Lead to Denial of Service (DoS)Sun Solaris 9Sun Solaris 10Integer overflow in the xmlBufferResize function in libxml2 2.7.2 allows context-dependent attackers to cause a denial of service (infinite loop) via a large XML document.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDSolaris 8, 9, 10 Blind Connection Reset Attack VulnerabilitySun Solaris 8Sun Solaris 9Sun Solaris 10Multiple TCP/IP and ICMP implementations allow remote attackers to cause a denial of service (reset TCP connections) via spoofed ICMP error messages, aka the "blind connection-reset attack." NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities.Robert L. HollisDRAFTINTERIMACCEPTEDNabil OuchnINTERIMMatthew WojcikACCEPTEDPai PengINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDSecurity Vulnerabilities in the libxml2 Library Routines xmlSAX2Characters() May Lead to Arbitrary Code Execution or Denial of Service (DoS)Sun Solaris 9Sun Solaris 10Integer overflow in the xmlSAX2Characters function in libxml2 2.7.2 allows context-dependent attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a large XML document.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerability in the Solaris keysock Kernel Module may Lead to a System PanicSun Solaris 10Unspecified vulnerability in the keysock kernel module in Solaris 10 and OpenSolaris builds snv_01 through snv_108 allows local users to cause a denial of service (system panic) via unknown vectors related to PF_KEY socket, probably related to setting socket options.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDA Security Vulnerability in the Solaris dircmp(1) Shell Script may Allow Overwriting of Arbitrary FilesSun Solaris 8Sun Solaris 9Sun Solaris 10Race condition in the dircmp script in Sun Solaris 8 through 10, and OpenSolaris snv_01 through snv_111, allows local users to overwrite arbitrary files, probably involving a symlink attack on temporary files.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerabilities in the Solaris lpadmin(1M) and ppdmgr(1M) Utilities May Lead to a Denial of Service (DoS) ConditionSun Solaris 10Unspecified vulnerability in lpadmin in Sun Solaris 10 and OpenSolaris snv_61 through snv_106 allows local users to cause a denial of service via unspecified vectors, related to enumeration of "wrong printers," aka a "Temporary file vulnerability."Pai PengDRAFTINTERIMACCEPTEDACCEPTEDA Security Vulnerability in Kerberos Incremental Propagation May Lead to a Denial of Service (DoS) Against Slave KDC SystemsSun Solaris 10Unspecified vulnerability in Kerberos Incremental Propagation in Solaris 10 and OpenSolaris snv_01 through snv_110 allows remote attackers to cause a denial of service (loss of incremental propagation requests to slave KDC servers) via unknown vectors related to the master Key Distribution Center (KDC) server.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDRace Condition Security Vulnerability in Solaris Auditing Related to Extended File Attributes May Allow Local Unprivileged Users to Panic the SystemSun Solaris 9Sun Solaris 10Race condition in the Solaris Auditing subsystem in Sun Solaris 9 and 10 and OpenSolaris before snv_121, when extended file attributes are used, allows local users to cause a denial of service (panic) via vectors related to "pathnames for invalid fds."Pai PengDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerability in the Solaris Kernel Involving the Interaction of the Filesystem and Virtual Memory SubsystemsSun Solaris 8Sun Solaris 9Sun Solaris 10The kernel in Sun Solaris 8, 9, and 10, and OpenSolaris before snv_103, does not properly handle interaction between the filesystem and virtual-memory implementations, which allows local users to cause a denial of service (deadlock and system halt) via vectors involving mmap and write operations on the same file.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerability in the Simple Authentication and Security Layer (SASL) Library Bundled with the Java Enterprise System (JES) may Allow Unprivileged Users to Crash Applications Using the sasl_encode64 FunctionSun Solaris 8Sun Solaris 9Sun Solaris 10Multiple buffer overflows in the CMU Cyrus SASL library before 2.1.23 might allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via strings that are used as input to the sasl_encode64 function in lib/saslutil.c.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerability with IKE Packet Handling in Solaris libike Library may Lead to a Crash of in.iked(1M)Sun Solaris 9Sun Solaris 10libike in Sun Solaris 9 and 10, and OpenSolaris before snv_100, does not properly check packets, which allows remote attackers to cause a denial of service (in.iked daemon crash) via an unspecified IKE packet, a different vulnerability than CVE-2007-2989.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDA Security Vulnerability in the Solaris ip(7P) Kernel Module's IP-in-IP Packet Processing May Lead to a Denial of Service (DoS)Sun Solaris 9Sun Solaris 10The IP-in-IP packet processing implementation in the IPsec and IP stacks in the kernel in Sun Solaris 9 and 10, and OpenSolaris snv_01 though snv_85, allows local users to cause a denial of service (panic) via a self-encapsulated packet that lacks IPsec protection.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerability in Solaris SSH May Allow Unauthorized Access to X11 SessionsSun Solaris 9Sun Solaris 10OpenSSH 4.3p2, and probably other versions, allows local users to hijack forwarded X connections by causing ssh to set DISPLAY to :10, even when another process is listening on the associated port, as demonstrated by opening TCP port 6010 (IPv4) and sniffing a cookie sent by Emacs.Nicholas HansenDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerability in the Solaris Pseudo-terminal Driver (pty(7D)) may Cause a System PanicSun Solaris 8Sun Solaris 9Sun Solaris 10Race condition in the pseudo-terminal (aka pty) driver module in Sun Solaris 8 through 10, and OpenSolaris before snv_103, allows local users to cause a denial of service (panic) via unspecified vectors related to lack of "properly sequenced code" in ptc and ptsl.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerability in the Solaris IP(7p) Implementation, Related to Minor Number Allocation, may Lead to a Denial of Service (DoS) ConditionSun Solaris 8Sun Solaris 9Sun Solaris 10The IP implementation in Sun Solaris 8 through 10, and OpenSolaris before snv_82, uses an improper arena when allocating minor numbers for sockets, which allows local users to cause a denial of service (32-bit application failure and login outage) by opening a large number of sockets.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDSecurity vulnerability in the Virtual Host Manager in Tomcat 5.5 bundled with Solaris 9 and Solaris 10 may lead to Cross Site Scripting (XSS).Sun Solaris 9Sun Solaris 10Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerability in the X Inter Client Exchange Library (libICE) Shipped With Solaris May Allow a Denial of Service (DoS)Sun Solaris 8Sun Solaris 9Sun Solaris 10Unspecified vulnerability in the X Inter Client Exchange library (aka libICE) in Sun Solaris 8 through 10 and OpenSolaris before snv_85 allows context-dependent attackers to cause a denial of service (application crash), as demonstrated by a port scan that triggers a segmentation violation in the Gnome session manager (aka gnome-session).Michael WoodDRAFTINTERIMACCEPTEDACCEPTEDSecurity vulnerability in the HttpServletResponse.sendError method in Tomcat 5.5 bundled with Solaris 9 and Solaris 10 may lead to Cross Site Scripting (XSS).Sun Solaris 9Sun Solaris 10Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerability in GNU tar May Lead to Arbitrary Code Execution or Denial of Service (DoS)Sun Solaris 10Buffer overflow in tar 1.14 through 1.15.90 allows user-assisted attackers to cause a denial of service (application crash) and possibly execute code via unspecified vectors involving PAX extended headers.Michael WoodDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerability in the Solaris "autofs" Kernel Module may Allow a Local Unprivileged User to Execute Arbitrary CodeSun Solaris 8Sun Solaris 9Sun Solaris 10Unspecified vulnerability in the autofs module in the kernel in Sun Solaris 8 through 10, and OpenSolaris before snv_108, allows local users to cause a denial of service (autofs mount outage) or possibly gain privileges via vectors related to "xdr processing problems."Pai PengDRAFTINTERIMACCEPTEDACCEPTEDSUNRAS Plugin of Gimp VulnerabilitySun Solaris 9Sun Solaris 10Stack-based buffer overflow in the set_color_table function in sunras.c in the SUNRAS plugin in Gimp 2.2.14 allows user-assisted remote attackers to execute arbitrary code via a crafted RAS file.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerability in Solaris IP Tunnel Parameter Processing May Lead to a System Panic or Possible Execution of Arbitrary Code by Unprivileged UsersSun Solaris 10tun in IP Tunnel in Solaris 10 and OpenSolaris snv_01 through snv_76 allows local users to cause a denial of service (panic) and possibly execute arbitrary code via a crafted SIOCGTUNPARAM IOCTL request, which triggers a NULL pointer dereference.Michael WoodDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerability in the DNS Protocol May Lead to DNS Cache PoisoningSun Solaris 8Sun Solaris 9Sun Solaris 10The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote attackers to spoof DNS traffic via a birthday attack that uses in-bailiwick referrals to conduct cache poisoning against recursive resolvers, related to insufficient randomness of DNS transaction IDs and source ports, aka "DNS Insufficient Socket Entropy Vulnerability" or "the Kaminsky bug."Pai PengDRAFTINTERIMACCEPTEDACCEPTEDA Security Vulnerability in the OpenSSL PKCS#11 Engine May Result in Denial of Service (DoS) Due to a Corrupted Session CacheSun Solaris 10The PK11_SESSION cache in the OpenSSL PKCS#11 engine in Sun Solaris 10 does not maintain reference counts for operations with asymmetric keys, which allows context-dependent attackers to cause a denial of service (failed cryptographic operations) via unspecified vectors, related to the (1) RSA_sign and (2) RSA_verify functions.Michael WoodDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerability in GIMP(1) May Lead to Denial of Service (DoS) or Execution of Arbitrary CodeSun Solaris 10Buffer overflow in the xcf_load_vector function in app/xcf/xcf-load.c for gimp before 2.2.12 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via an XCF file with a large num_axes value in the VECTORS property.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDTwo Race Condition Vulnerabilities in the Solaris Event Port API May Allow Local Users to Panic the System, Causing a Denial of Service (DoS)Sun Solaris 10Multiple race conditions in the Solaris Event Port API in Sun Solaris 10 and OpenSolaris before snv_107 allow local users to cause a denial of service (panic) via unspecified vectors related to a race between the port_dissociate and close functions.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDManipulated Tag Files used with Solaris Text Editors May Lead to Execution of Arbitrary CodeSun Solaris 8Sun Solaris 9Sun Solaris 10Multiple unspecified vulnerabilities in Sun Solaris 8 through 10 allow local users to gain privileges via vectors related to handling of tags with (1) the -t option and (2) the :tag command in the (a) vi, (b) ex, (c) vedit, (d) view, and (e) edit programs.Todd DolinskyDRAFTINTERIMACCEPTEDACCEPTEDSecurity vulnerability in the RequestDispatcher class in Tomcat 5.5 bundled with Solaris 9 and Solaris 10 may lead to Directory Traversal.Sun Solaris 9Sun Solaris 10Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDA Security Vulnerability May Allow Popup Windows to Appear Through the Solaris XScreenSaver Program on Xorg(1) ServersSun Solaris 8Sun Solaris 9Sun Solaris 10XScreenSaver in Sun Solaris 9 and 10, OpenSolaris before snv_120, and X11 6.4.1 for Solaris 8, when the Xorg or Xnewt server is used, allows physically proximate attackers to obtain sensitive information by reading popup windows, which are displayed even when the screen is locked, a different vulnerability than CVE-2009-1276.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerabilities in DHCP Handling of DHCP Requests May Allow Remote Users to Execute Arbitrary Code or Cause a Denial of the DHCP ServiceSun Solaris 8Sun Solaris 9Sun Solaris 10Stack-based buffer overflow in the cons_options function in options.c in dhcpd in OpenBSD 4.0 through 4.2, and some other dhcpd implementations based on ISC dhcp-2, allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a DHCP request specifying a maximum message size smaller than the minimum IP MTU.Michael WoodDRAFTINTERIMACCEPTEDACCEPTEDPCX Plugin of Gimp VulnerabilitySun Solaris 9Sun Solaris 10Buffer overflow in the kimgio library for KDE 3.4.0 allows remote attackers to execute arbitrary code via a crafted PCX image file.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDA Security Vulnerability in the Management of Solaris Kerberos (see kerberos(5)) may Lead to a User Denial of Service (DoS) AttackSun Solaris 8Sun Solaris 9Sun Solaris 10The Kerberos credential renewal feature in Sun Solaris 8, 9, and 10, and OpenSolaris build snv_01 through snv_104, allows local users to cause a denial of service (authentication failure) via unspecified vectors related to incorrect cache file permissions, and lack of credential storage by the store_cred function in pam_krb5.Michael WoodDRAFTINTERIMACCEPTEDACCEPTEDPSD Plugin of Gimp vulnerabilitySun Solaris 9Sun Solaris 10Integer overflow in the seek_to_and_unpack_pixeldata function in the psd.c plugin in Gimp 2.2.15 allows remote attackers to execute arbitrary code via a crafted PSD file that contains a large (1) width or (2) height value.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDVulnerability in the Solaris 10 Event Port Implementation May Lead to a System Panic, Resulting in a Denial of Service (DoS)Sun Solaris 10Unspecified vulnerability in the event port implementation in Sun Solaris 10 allows local users to cause a denial of service (panic) by submitting and retrieving user-defined events, probably related to a NULL dereference.Todd DolinskyDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerability in Solaris snoop(1M) when Displaying SMB TrafficSun Solaris 8Sun Solaris 9Sun Solaris 10Multiple format string vulnerabilities in snoop on Sun Solaris 8 through 10 and OpenSolaris before snv_96, when the -o option is omitted, allow remote attackers to execute arbitrary code via format string specifiers in an SMB packet.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDA Security Vulnerability in the Solaris Kerberos PAM Module May Allow Use of a User Specified Kerberos Configuration File, Leading to Escalation of PrivilegesSun Solaris 8Sun Solaris 9Sun Solaris 10Russ Allbery pam-krb5 before 3.13, when linked against MIT Kerberos, does not properly initialize the Kerberos libraries for setuid use, which allows local users to gain privileges by pointing an environment variable to a modified Kerberos configuration file, and then launching a PAM-based setuid application.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDA Security Vulnerability in IP Multicast Filter processing of Sockets may lead to a system panic or possible execution of Arbitrary CodeSun Solaris 10Integer signedness error in the ip_set_srcfilter function in the IP Multicast Filter in uts/common/inet/ip/ip_multi.c in the kernel in Sun Solaris 10 and OpenSolaris before snv_92 allows local users to execute arbitrary code in other Solaris Zones via an SIOCSIPMSFILTER IOCTL request with a large value of the imsf->imsf_numsrc field, which triggers an out-of-bounds write of kernel memory. NOTE: this was reported as an integer overflow, but the root cause involves the bypass of a signed comparison.Todd DolinskyDRAFTINTERIMACCEPTEDACCEPTEDThe Solaris rpc.metad(1M) Daemon is Vulnerable to a Denial of Service (DoS) AttackSun Solaris 9Sun Solaris 10rpc.metad in Sun Solaris 10 allows remote attackers to cause a denial of service (daemon crash) via a malformed RPC request.Michael WoodDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerability in the Solaris sendfile(3EXT) and sendfilev(3EXT) Extended Library Functions may Result in a Denial of Service (DoS) Condition due to a System PanicSun Solaris 8Sun Solaris 9Sun Solaris 10The (1) sendfile and (2) sendfilev functions in Sun Solaris 8 through 10, and OpenSolaris before snv_110, allow local users to cause a denial of service (panic) via vectors related to vnode function calls.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerabilities in DHCP Handling of DHCP Requests May Allow Remote Users to Execute Arbitrary Code or Cause a Denial of the DHCP ServiceSun Solaris 8Sun Solaris 9Sun Solaris 10in.dhcpd in the DHCP implementation in Sun Solaris 8 through 10, and OpenSolaris before snv_103, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via unknown DHCP requests related to the "number of offers," aka Bug ID 6713805.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDA Security Vulnerability With the Solaris Crypto Driver May Cause a System PanicSun Solaris 10The crypto pseudo device driver in Sun Solaris 10, and OpenSolaris snv_88 through snv_102, does not properly free memory, which allows local users to cause a denial of service (panic) via unspecified vectors, related to the vmem_hash_delete function.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerability in the ACL (acl(2)) Implementation for UFS File Systems May Allow a Local User to Panic the SystemSun Solaris 8Sun Solaris 9Sun Solaris 10Unspecified vulnerability in the UFS module in Sun Solaris 8 through 10 and OpenSolaris allows local users to cause a denial of service (NULL pointer dereference and kernel panic) via unknown vectors related to the Solaris Access Control List (ACL) implementation.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDA Security Vulnerability in the namefs Kernel module may result in Arbitrary Code Execution or a Denial of Service (DoS)Sun Solaris 8Sun Solaris 9Sun Solaris 10Unspecified vulnerability in the namefs kernel module in Sun Solaris 8 through 10 allows local users to gain privileges or cause a denial of service (panic) via unspecified vectors.Nicholas HansenDRAFTINTERIMACCEPTEDACCEPTEDUnspecified vulnerability in the NFSv4 module in the kernel in Sun Solaris 10."Sun Solaris 10Unspecified vulnerability in the NFSv4 module in the kernel in Sun Solaris 10, and OpenSolaris snv_102 through snv_119, allows local users to cause a denial of service (client panic) via vectors involving "file operations."Aharon CherninDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerability in Simplified Chinese, Traditional Chinese, Korean, and Thai Language Input MethodsSun Solaris 10The (1) Simplified Chinese, (2) Traditional Chinese, (3) Korean, and (4) Thai language input methods in Sun Solaris 10 create files and directories with weak permissions under (a) .iiim/le and (b) .Xlocale in home directories, which might allow local users to write to, or read from, the home directories of other users.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerability in FreeType 2 Font Engine May Allow Privilege Escalation Due to Heap OverflowSun Solaris 8Sun Solaris 9Sun Solaris 10Integer signedness error in truetype/ttgload.c in Freetype 2.3.4 and earlier might allow remote attackers to execute arbitrary code via a crafted TTF image with a negative n_points value, which leads to an integer overflow and heap-based buffer overflow.Nicholas HansenDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerability May Allow Firewall Compromise or Creation of Denial of Service (DoS) ConditionSun Solaris 8Sun Solaris 9Sun Solaris 10Unspecified vulnerability in the Internet Protocol (IP) implementation in Sun Solaris 8, 9, and 10 allows remote attackers to bypass intended firewall policies or cause a denial of service (panic) via unknown vectors, possibly related to ICMP packets and IP fragment reassembly.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDMultiple Security Vulnerabilities in ICU 3.2 Library Regular Expression Processing May Cause a Denial of Service (DoS)Sun Solaris 9Sun Solaris 10libicu in International Components for Unicode (ICU) 3.8.1 and earlier attempts to process backreferences to the nonexistent capture group zero (aka \0), which might allow context-dependent attackers to read from, or write to, out-of-bounds memory locations, related to corruption of REStackFrames.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerabilities in the Solaris lpadmin(1M) and ppdmgr(1M) Utilities May Lead to a Denial of Service (DoS) ConditionSun Solaris 10Unspecified vulnerability in ppdmgr in Sun Solaris 10 and OpenSolaris snv_61 through snv_106 allows local users to cause a denial of service via unspecified vectors, related to a failure to "include all cache files," and improper handling of temporary files.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDTwo Security Vulnerabilities Exist Within the cpc(3CPC) Sub-System of the Solaris KernelSun Solaris 10Multiple race conditions in the CPU Performance Counters (cpc) subsystem in the kernel in Sun Solaris 10 allow local users to cause a denial of service (panic) via unspecified vectors related to kcpc_unbind and kcpc_restore.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDA Security Vulnerability in the USB Mouse STREAMS Module May Lead to a System PanicSun Solaris 9Sun Solaris 10Unspecified vulnerability in the USB Mouse STREAMS module (usbms) in Sun Solaris 9 and 10, when 64-bit mode is enabled, allows local users to cause a denial of service (panic) via unspecified vectors.Pai PengDRAFTINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDCovert Channel Security Vulnerability in the Solaris KernelSun Solaris 8Sun Solaris 9Sun Solaris 10The kernel in Sun Solaris 8 through 10 and OpenSolaris before snv_90 allows local users to bypass chroot, zones, and the Solaris Trusted Extensions multi-level security policy, and establish a covert communication channel, via unspecified vectors involving system calls.Nicholas HansenDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerability in the Solaris 10 DTrace Dynamic Tracing Framework May Allow Unauthorized Kernel Level TracingSun Solaris 10Unspecified vulnerability in the dynamic tracing framework (DTrace) in Sun Solaris 10 allows local users with PRIV_DTRACE_USER or PRIV_DTRACE_PROC privileges to obtain sensitive kernel information via unspecified vectors, a different vulnerability than CVE-2007-4126.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerabilities in the Solaris Priority Inherited pthread mutex API May Result in a Denial of Service (DoS) ConditionSun Solaris 10Unspecified vulnerability in the pthread_mutex_reltimedlock_np API in Sun Solaris 10 and OpenSolaris before snv_90 allows local users to cause a denial of service (system hang or panic) via unknown vectors.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDMultiple Security Vulnerabilities in ICU 3.2 Library Regular Expression Processing May Cause a Denial of Service (DoS)Sun Solaris 9Sun Solaris 10Heap-based buffer overflow in the doInterval function in regexcmp.cpp in libicu in International Components for Unicode (ICU) 3.8.1 and earlier allows context-dependent attackers to cause a denial of service (memory consumption) and possibly have unspecified other impact via a regular expression that writes a large amount of data to the backtracking stack. NOTE: some of these details are obtained from third party information.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDA Security Vulnerability in the Solaris Kerberos PAM Module May Allow Use of a User Specified Kerberos Configuration File, Leading to Escalation of PrivilegesSun Solaris 8Sun Solaris 9Sun Solaris 10Russ Allbery pam-krb5 before 3.13, as used by libpam-heimdal, su in Solaris 10, and other software, does not properly handle calls to pam_setcred when running setuid, which allows local users to overwrite and change the ownership of arbitrary files by setting the KRB5CCNAME environment variable, and then launching a setuid application that performs certain pam_setcred operations.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerability in Solaris 10 Related to the dotoprocs() RoutineSun Solaris 10Unspecified vulnerability in the dotoprocs function in Sun Solaris 10 allows local users to cause a denial of service (panic) via unspecified vectors.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerability in the Solaris X Server May Lead to Unauthorized Disclosure of Information on Access Restricted Files and DirectoriesSun Solaris 8Sun Solaris 9Sun Solaris 10X.Org Xserver before 1.4.1 allows local users to determine the existence of arbitrary files via a filename argument in the -sp option to the X program, which produces different error messages depending on whether the filename exists.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerability in inetd(1M) Daemon When Debug Logging is EnabledSun Solaris 10inetd on Sun Solaris 10, when debug logging is enabled, allows local users to write to arbitrary files via a symlink attack on the /var/tmp/inetd.log temporary file.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerability in the Solaris 10 STREAMS Administrative Driver ("sad") May Allow a Denial of Service (System panic)Sun Solaris 10Race condition in the STREAMS Administrative Driver (sad) in Sun Solaris 10 allows local users to cause a denial of service (panic) via unknown vectors.Nicholas HansenDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerability in Solaris 10 OpenSSL SSL_get_shared_ciphers() FunctionSun Solaris 10Off-by-one error in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 up to 0.9.7l, and 0.9.8 up to 0.9.8f, might allow remote attackers to execute arbitrary code via a crafted packet that triggers a one-byte buffer underflow. NOTE: this issue was introduced as a result of a fix for CVE-2006-3738. As of 20071012, it is unknown whether code execution is possible.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerability in Solaris snoop(1M) when Displaying SMB TrafficSun Solaris 8Sun Solaris 9Sun Solaris 10Multiple stack-based buffer overflows in snoop on Sun Solaris 8 through 10 and OpenSolaris before snv_96, when the -o option is omitted, allow remote attackers to execute arbitrary code via a crafted SMB packet.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerabilities in Solaris Print Service May Lead to Denial of Service (DoS) or Execution of Arbitrary CodeSun Solaris 8Sun Solaris 9Sun Solaris 10Multiple unspecified vulnerabilities in Solaris print service for Sun Solaris 8, 9, and 10 allow remote attackers to cause a denial of service or execute arbitrary code via unknown vectors.Nicholas HansenDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerability in Solaris 10 Involving the SCTP Protocol May Result in a Denial of Network Services Due to Network FloodingSun Solaris 10Unspecified vulnerability in the SCTP protocol implementation in Sun Solaris 10 allows remote attackers to cause a denial of service (CPU consumption and network traffic amplification) via a crafted SCTP packet.Nicholas HansenDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerability in GNU tar May Lead to Arbitrary Code Execution or Denial of Service (DoS)Sun Solaris 10Buffer overflow in tar 1.14 through 1.15.90 allows user-assisted attackers to cause a denial of service (application crash) and possibly execute code via unspecified vectors involving PAX extended headers.Michael WoodDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerability in the libxml2 Library May Lead to a Denial of Service (DoS)Sun Solaris 9Sun Solaris 10The xmlCurrentChar function in libxml2 before 2.6.31 allows context-dependent attackers to cause a denial of service (infinite loop) via XML containing invalid UTF-8 sequences.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDA Security Vulnerability in libdevinfo(3LIB) May Allow Unauthorized Access to Files on the SystemSun Solaris 10Unspecified vulnerability in libdevinfo in Sun Solaris 10 allows local users to access files and gain privileges via unknown vectors, related to login device permissions.Yuzheng ZhouDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerability in Solaris 10 Involving the SCTP Protocol May Result in a Panic and Denial of Service (DoS)Sun Solaris 10Unspecified vulnerability in the SCTP protocol implementation in Sun Solaris 10 allows remote attackers to cause a denial of service (panic) via a crafted SCTP packet.Nicholas HansenDRAFTINTERIMACCEPTEDACCEPTEDA Security Vulnerability in Solaris 10 involving the sendfilev() system call could result in Denial of Service (DoS) due to System PanicSun Solaris 10Unspecified vulnerability in Sun Solaris 10 and OpenSolaris before snv_96 allows (1) context-dependent attackers to cause a denial of service (panic) via vectors involving creation of a crafted file and use of the sendfilev system call, as demonstrated by a file served by an Apache 2.2.x web server with EnableSendFile configured; and (2) local users to cause a denial of service (panic) via a call to the sendfile system call, as reachable through the sendfilev library.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDA Security Vulnerability in Floating Point Context Switch Implementation May Result in a Denial of Service (DoS) or Data Integrity IssuesSun Solaris 9Sun Solaris 10Unspecified vulnerability in the floating point context switch implementation in Sun Solaris 9 and 10 on x86 platforms might allow local users to cause a denial of service (application exit), corrupt data, or trigger incorrect calculations via unknown vectors.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDA Security Vulnerability in the Handling of Self Encapsulated IP Packets may Lead to a Denial of Service (DOS) Condition.Sun Solaris 8Sun Solaris 9Sun Solaris 10Sun Solaris 8, 9, and 10 allows "remote privileged" users to cause a denial of service (panic) via unknown vectors related to self encapsulated IP packets.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDA Security Vulnerability in Solaris 10 libexif May Allow Code Execution or a Denial of Service (DoS) ConditionSun Solaris 10Integer overflow in libexif 0.6.16 and earlier allows context-dependent attackers to execute arbitrary code via an image with crafted EXIF tags, possibly involving the exif_data_load_data_thumbnail function in exif-data.c.Nicholas HansenDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerability in the Solaris crontab(1) utility may allow execution of Arbitrary CodeSun Solaris 8Sun Solaris 9Sun Solaris 10Unspecified vulnerability in crontab on Sun Solaris 8 through 10, and OpenSolaris before snv_93, allows local users to insert cron jobs into the crontab files of arbitrary users via unspecified vectors.Nicholas HansenDRAFTINTERIMDragos PrisacaACCEPTEDACCEPTEDSolaris 8, 9, 10 ICMP Source Quench Attack VulnerabilitySun Solaris 8Sun Solaris 9Sun Solaris 10Multiple TCP/IP and ICMP implementations allow remote attackers to cause a denial of service (network throughput reduction for TCP connections) via a blind throughput-reduction attack using spoofed Source Quench packets, aka the "ICMP Source Quench attack." NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities.Robert L. HollisDRAFTINTERIMACCEPTEDNabil OuchnINTERIMMatthew WojcikACCEPTEDPai PengINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDSecurity Vulnerabilities in OpenSSL May Lead to a Denial of Service (DoS) to Applications or Execution of Arbitrary Code With Elevated PrivilegesSun Solaris 10The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows remote servers to cause a denial of service (client crash) via unknown vectors that trigger a null pointer dereference.Todd DolinskyDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerabilities in OpenSSL May Lead to a Denial of Service (DoS) to Applications or Execution of Arbitrary Code With Elevated PrivilegesSun Solaris 10Buffer overflow in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions has unspecified impact and remote attack vectors involving a long list of ciphers.Todd DolinskyDRAFTINTERIMACCEPTEDACCEPTEDA Security Vulnerability in Solaris Volume Manager (SVM) May Allow a Denial of Service (DoS)Sun Solaris 9Sun Solaris 10Unspecified vulnerability in the ioctl interface in the Solaris Volume Manager (SVM) in Sun Solaris 9 and 10 allows local users to cause a denial of service (panic) via unspecified vectors, a different vulnerability than CVE-2004-1346.Nicholas HansenDRAFTINTERIMACCEPTEDACCEPTEDMIT Kerberos 5 Key Distribution Center Remote Denial of Service VulnerabilitySun Solaris 7Sun Solaris 8Sun Solaris 9Sun Solaris 10KerberosMIT Kerberos 5 (krb5) 1.3 through 1.4.1 Key Distribution Center (KDC) allows remote attackers to cause a denial of service (application crash) via a certain valid TCP connection that causes a free of unallocated memory.Robert L. HollisDRAFTINTERIMACCEPTEDNabil OuchnINTERIMACCEPTEDACCEPTEDSun Java System Access Manager Local Authentication Bypass VulnerabilitySun Solaris 10Sun Solaris 9Sun Solaris 8Access ManagerUnspecified vulnerability in Sun Java System Access Manager 7.0 allows local users logged in as "root" to bypass authentication and gain top-level administrator privileges via the amadmin CLI tool.Robert L. HollisDRAFTINTERIMACCEPTEDNabil OuchnINTERIMACCEPTEDACCEPTEDSecurity Vulnerability in the Solaris 10 Internet Protocol (ip(7P)) may Lead to a Denial of Service (DoS) ConditionSun Solaris 10Unspecified vulnerability in the Internet Protocol (IP) functionality in Sun Solaris 10 allows local users to cause a denial of service (panic) via unspecified vectors, probably related to a UDP packet.Pai PengDRAFTINTERIMACCEPTEDPai PengINTERIMACCEPTEDACCEPTEDSecurity Vulnerability in RPCSEC_GSS (rpcsec_gss(3NSL)) Affects Kerberos Administration Daemon (kadmind(1M))Sun Solaris 8Sun Solaris 9Sun Solaris 10Stack-based buffer overflow in the svcauth_gss_validate function in lib/rpc/svc_auth_gss.c in the RPCSEC_GSS RPC library (librpcsecgss) in MIT Kerberos 5 (krb5) 1.4 through 1.6.2, as used by the Kerberos administration daemon (kadmind) and some third-party applications that use krb5, allows remote attackers to cause a denial of service (daemon crash) and probably execute arbitrary code via a long string in an RPC message.Nicholas HansenDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerabilities in Solaris Kernel Statistics Retrieval Process May Allow a Denial of Service (DoS)Sun Solaris 8Sun Solaris 9Sun Solaris 10Multiple unspecified vulnerabilities in the kernel in Sun Solaris 8 through 10 allow local users to cause a denial of service (panic), related to the support for retrieval of kernel statistics, and possibly related to the sfmmu_mlspl_enter or sfmmu_mlist_enter functions.Nicholas HansenDRAFTINTERIMACCEPTEDACCEPTEDSolaris 10 patchadd T-patch IssueSun Solaris 10patchaddThe patchadd facility for Solaris 10 fails to install T-patches. Sun sometimes releases a T-patch as a temporary version of a patch prior to the final release of that patch. While this flaw does not directly represent a vulnerability, it does prevent the timely application of some (possibly critical) updates.Robert L. HollisDRAFTINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDACCEPTEDSecurity Vulnerability in Solaris 10 BIND: Susceptible to Cache Poisoning AttackSun Solaris 10ISC BIND 9 through 9.5.0a5 uses a weak random number generator during generation of DNS query ids when answering resolver questions or sending NOTIFY messages to slave name servers, which makes it easier for remote attackers to guess the next query id and perform DNS cache poisoning.Nicholas HansenDRAFTINTERIMACCEPTEDACCEPTEDLocal Users May be Able to Hang Systems That Have Loaded The Kernel Debugger kmdb(1)Sun Solaris 10Unspecified vulnerability in the kernel debugger (kmdb) in Sun Solaris 10, when running on x86, allows local users to cause a denial of service (system hang) via unspecified vectors.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDA Security Vulnerability in the Handling of Thread Contexts in the Solaris Kernel May Allow a Denial of Service (DoS)Sun Solaris 8Sun Solaris 9Sun Solaris 10Race condition in the kernel in Sun Solaris 8 through 10 allows local users to cause a denial of service (panic) via unspecified vectors related to "the handling of thread contexts."Nicholas HansenDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerability in X Display Manager (xdm(1)) Xsession ScriptSun Solaris 8Sun Solaris 9Sun Solaris 10The Xsession script, as used by X Display Manager (xdm) in NetBSD before 20060212, X.Org before 20060317, and Solaris 8 through 10 before 20061006, allows local users to overwrite arbitrary files, or read another user's Xsession errors file, via a symlink attack on a /tmp/xses-$USER file.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerability in the in.telnetd(1M) Daemon May Allow Unauthorized Remote Users to Gain Access to a Solaris HostSun Solaris 10Argument injection vulnerability in the telnet daemon (in.telnetd) in Solaris 10 and 11 (SunOS 5.10 and 5.11) misinterprets certain client "-f" sequences as valid requests for the login program to skip authentication, which allows remote attackers to log into certain accounts, as demonstrated by the bin account.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerability in the Solaris 10 TCP Fusion Code May Lead to a System Panic, Resulting in a Denial of Service (DoS)Sun Solaris 10The tcp_fuse_rcv_drain function in the Sun Solaris 10 kernel before 20061017, when TCP Fusion is enabled, allows local users to cause a denial of service (system crash) via a TCP loopback connection with both endpoints on the same system.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDSun Solaris Unspecified x86 64 Bit Local Denial Of ServiceVulnerabilitySun Solaris 10Unspecified vulnerability in the kernel processing in Solaris 10 64 bit platform, when running in 64-bit mode, allows local users to cause a denial of service (system panic) via unknown attack vectors.Robert L. HollisDRAFTINTERIMACCEPTEDNabil OuchnINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDA Security Vulnerability With the Special File System (SPECFS) strfreectty() Function May Allow a Local Unprivileged User to Panic a SystemSun Solaris 8Sun Solaris 9Sun Solaris 10Unspecified vulnerability in the strfreectty function in the Special File System (SPECFS) in Sun Solaris 8 through 10 allows local users to cause a denial of service (system panic), related to passing a NULL pointer to the pgsignal function.Todd DolinskyDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerability in Solaris Named Pipes (pipe(2)) May Allow Unauthorized Data AccessSun Solaris 8Sun Solaris 9Sun Solaris 10Integer signedness error in FIFO filesystems (named pipes) on Sun Solaris 8 through 10 allows local users to read the contents of unspecified memory locations via a negative maximum length value to the I_PEEK ioctl.Nicholas HansenDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerability Due to Buffer Overflow in The format(1M) Command May Allow Privilege Elevation For Certain RBAC ProfilesSun Solaris 8Sun Solaris 9Sun Solaris 10Buffer overflow in the format command in Solaris 8, 9, and 10 allows local users with access to format (such as the "File System Management" RBAC profile) to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2006-4307.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerability in the Solaris libsldap Library May Allow a Denial of Service to nscd(1M)Sun Solaris 8Sun Solaris 9Sun Solaris 10The libsldap library in Sun Solaris 8, 9, and 10 allows local users to cause a denial of service (Name Service Caching Daemon (nscd) crash) via unspecified vectors.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerabilities in Solaris ld.so.1(1) may Lead to Execution of Arbitrary Code with Elevated PrivilegesSun Solaris 8Sun Solaris 9Sun Solaris 10Directory traversal vulnerability in ld.so.1 in Sun Solaris 8, 9, and 10 allows local users to execute arbitrary code via a .. (dot dot) sequence in the LANG environment variable that points to a locale file containing attacker-controlled format string specifiers.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDA Security Vulnerability in the TCP Implementation of Solaris 10 Systems May Result in a System Panic Under High TCP/IP TrafficSun Solaris 10Race condition in the TCP subsystem for Solaris 10 allows remote attackers to cause a denial of service (system panic) via unknown vectors.Gyesi AmaniampongDRAFTINTERIMACCEPTEDACCEPTEDVulnerability With Solaris IPv6 May Allow a Remote User the Ability to Create a Denial of Service ConditionSun Solaris 8Sun Solaris 9Sun Solaris 10Unspecified vulnerability in Sun Solaris 8, 9 and 10 allows remote attackers to cause a denial of service (panic) via crafted IPv6 packets, a different vulnerability than CVE-2006-5013.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerability in the Solaris Auditing (BSM) Related to Network Auditing May Lead to Denial of Service (DoS)Sun Solaris 10Unspecified vulnerability in "Solaris Auditing" in the Basic Security Module (BSM) in Sun Solaris 10, when configured for auditing of networking (nt) events, allows local users to cause a denial of service (panic) via unspecified vectors.Todd DolinskyDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerabilities in The Solaris Event Port API May Result in a Denial of Service (DoS) ConditionSun Solaris 10Unspecified vulnerability in Sun Solaris 10 allows context-dependent attackers to cause a denial of service (panic) via unspecified vectors involving the event port API.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerabilities in the tip(1) Command May Allow Execution of Arbitrary Code With Elevated PrivilegesSun Solaris 8Sun Solaris 9Sun Solaris 10Multiple unspecified vulnerabilities in tip in Sun Solaris 8, 9, and 10 allow local users to gain uucp account privileges via unspecified vectors.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDA Security Vulnerability in the Solaris 10 inetd(1M) Service May Lead to a Denial of Service (DoS) ConditionSun Solaris 10Unspecified vulnerability in inetd in Sun Solaris 10 before 20070529 allows local users to cause a denial of service (daemon termination) via unspecified manipulations of the /var/run/.inetd.uds Unix domain socket file.Pai PengDRAFTINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDSecurity Vulnerability in the Human Interface Device (HID) Class Driver for SolarisSun Solaris 8Sun Solaris 9Sun Solaris 10Unspecified vulnerability in the HID (Human Interface Device) class driver in Sun Solaris 8, 9, and 10 before 20070925 allows local users to cause a denial of service (panic) via unspecified vectors.Nicholas HansenDRAFTINTERIMACCEPTEDACCEPTEDdtsession(1X) Contains a Buffer Overflow VulnerabilitySun Solaris 8Sun Solaris 9Sun Solaris 10Buffer overflow in the dtsession Common Desktop Environment (CDE) Session Manager in Sun Solaris 8, 9, and 10 allows local users to execute arbitrary code via unspecified vectors.Yuzheng ZhouDRAFTINTERIMACCEPTEDACCEPTEDpkgadd(1M) May Set Incorrect Permissions if The pkgmap(4) File Contains a "?" in The "Mode" FieldSun Solaris 10pkgadd in Sun Solaris 10 before 20060825 installs files with insecure file and directory permissions (755 or 777) if the pkgmap file contains a "?" (question mark) in the mode field, which allows local users to modify arbitrary files or directories, a different vulnerability than CVE-2002-1871.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerability in the vuidmice(7M) STREAMS Modules May Lead to a Denial of Service (DoS) ConditionSun Solaris 8Sun Solaris 9Sun Solaris 10Unspecified vulnerability in the vuidmice STREAMS modules in Sun Solaris 8, 9, and 10 allows local users with console (/dev/console) access to cause a denial of service ("unusable" system console) via unspecified vectors.Nicholas HansenDRAFTINTERIMACCEPTEDACCEPTEDMultiple vulnerabilities in libfreetype, Xsun(1) and Xorg(1)Sun Solaris 8Sun Solaris 9Sun Solaris 10Integer overflow in ALLOCATE_LOCAL in the ProcXCMiscGetXIDList function in the XC-MISC extension in the X.Org X11 server (xserver) 7.1-1.1.0, and other versions before 20070403, allows remote authenticated users to execute arbitrary code via a large expression, which results in memory corruption.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerability in NFS Client Module May Lead to a Denial of Service ConditionSun Solaris 8Sun Solaris 9Sun Solaris 10Unspecified vulnerability in the NFS client module in Sun Solaris 8 through 10 before 20070524, when operating as an NFS server, allows remote attackers to cause a denial of service (crash) via certain Access Control List (acl) packets.John WregglesworthDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerability in the Solaris 10 Virtual File System (VFS) may Lead to a Denial of Service (DoS) ConditionSun Solaris 10Unspecified vulnerability in the Virtual File System (VFS) in Sun Solaris 10 allows local users to cause a denial of service (kernel memory consumption) via unspecified vectors.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerability With NIS server ypserv(1M) May Allow a Denial of Service (DoS) to OccurSun Solaris 8Sun Solaris 9Sun Solaris 10Unspecified vulnerability in NIS server on Sun Solaris 8, 9, and 10 allows local and remote attackers to cause a denial of service (ypserv hang) via unknown vectors.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerability in Sun Remote Services (SRS) Net Connect SoftwareSun Solaris 8Sun Solaris 9Sun Solaris 10srsexec in Sun Remote Services (SRS) Net Connect Software Proxy Core package in Sun Solaris 10 does not enforce file permissions when opening files, which allows local users to read the first line of arbitrary files via the -d and -v options.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerabilities in Solaris ld.so.1(1) may Lead to Execution of Arbitrary Code with Elevated PrivilegesSun Solaris 8Sun Solaris 9Sun Solaris 10Stack-based buffer overflow in ld.so.1 in Sun Solaris 8, 9, and 10 allows local users to execute arbitrary code via large precision padding values in a format string specifier in the format parameter of the doprf function. NOTE: this issue normally does not cross privilege boundaries, except in cases of external introduction of malicious message files, or if it is leveraged with other vulnerabilities such as CVE-2006-6494.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerability in Solaris 10 Link Aggregation may Allow Local Users Total Access to Network PacketsSun Solaris 10Sun Solaris 10 before patch 118855-16 (20060925), when run on x64 systems using IPv6, allows remote attackers to cause a denial of service (kernel panic) via crafted IPv6 packets.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerabilities in the Solaris Trusted Extensions "labeld" Service May Lead to a Denial of Service (DoS) ConditionSun Solaris 10Multiple unspecified vulnerabilities in labeld in Trusted Extensions in Sun Solaris 10 allow local users to cause a denial of service (multiple application hang) via unspecified vectors.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDA Security Vulnerability in How xscreensaver(1) Interacts With GNOME Assistive Technology May Allow Arbitrary Command ExecutionSun Solaris 10xscreensaver in Sun Solaris 10 before 20070604, when a GNOME session with Assistive Technology support is running, allows attackers with physical access to take control of the session after entering an Alt-Tab sequence.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerability in the Netscape Portable Runtime (NSPR) API Affects SolarisSun Solaris 10The Netscape Portable Runtime (NSPR) API 4.6.1 and 4.6.2, as used in Sun Solaris 10, trusts user-specified environment variables for specifying log files even when running from setuid programs, which allows local users to create or overwrite arbitrary files.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDMultiple vulnerabilities in libfreetype, Xsun(1) and Xorg(1)Sun Solaris 8Sun Solaris 9Sun Solaris 10Integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org libXfont before 20070403 and (2) freetype 2.3.2 and earlier allows remote authenticated users to execute arbitrary code via crafted BDF fonts, which result in a heap overflow.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDBuffer Overflow Vulnerability in libX11Sun Solaris 8Sun Solaris 9Sun Solaris 10Buffer overflow in the Strcmp function in the XKEYBOARD extension in X Window System X11R6.4 and earlier, as used in SCO UnixWare 7.1.3 and Sun Solaris 8 through 10, allows local users to gain privileges via a long _XKB_CHARSET environment variable value.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerability in the rcp(1) Command May Allow Execution of Unintended CommandsSun Solaris 8Sun Solaris 9Sun Solaris 10rcp on Sun Solaris 8, 9, and 10 before 20070710 does not properly call certain helper applications, which allows local users to gain privileges by creating files with certain names, possibly containing shell metacharacters or spaces, a similar issue to CVE-2006-0225.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerability in X Display Manager (xdm(1)) Xsession ScriptSun Solaris 8Sun Solaris 9Sun Solaris 10Race condition in the Xsession script, as used by X Display Manager (xdm) in NetBSD before 20060212, X.Org before 20060225, and Solaris 8 through 10 before 20061006, causes a user's Xsession errors file to have weak permissions before a chmod is performed, which allows local users to read Xsession errors files of other users.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerability in the Kerberos Administration Daemon (kadmind(1M)) May Lead to Arbitrary Code ExecutionSun Solaris 9Sun Solaris 10Stack-based buffer overflow in the rename_principal_2_svc function in kadmind for MIT Kerberos 1.5.3, 1.6.1, and other versions allows remote authenticated users to execute arbitrary code via a crafted request to rename a principal.Nicholas HansenDRAFTINTERIMACCEPTEDNicholas HansenINTERIMACCEPTEDACCEPTEDSun Solaris Gzip Race condition and Directory Traversal IssuesSun Solaris 8Sun Solaris 9Sun Solaris 10gzipDirectory traversal vulnerability in gunzip -N in gzip 1.2.4 through 1.3.5 allows remote attackers to write to arbitrary directories via a .. (dot dot) in the original filename within a compressed file.Robert L. HollisDRAFTINTERIMACCEPTEDNabil OuchnINTERIMACCEPTEDPai PengINTERIMACCEPTEDACCEPTEDX.Org Privilege Escalation Vulnerability in X11R6.9, X11R7.0Sun Solaris 10X.Org server (xorg-server) 1.0.0 and later, X11R6.9.0, and X11R7.0 inadvertently treats the address of the geteuid function as if it is the return value of a call to geteuid, which allows local users to bypass intended restrictions and (1) execute arbitrary code via the -modulepath command line option or (2) overwrite arbitrary files via -logfile.Robert L. HollisDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDSecurity Vulnerability in libX11 for SolarisSun Solaris 8Sun Solaris 9Sun Solaris 10Multiple integer overflows in (1) the XGetPixel function in ImUtil.c in X.Org libx11 before 1.0.3, and (2) XInitImage function in xwd.c for ImageMagick, allow user-assisted remote attackers to cause a denial of service (crash) or obtain sensitive information via crafted images with large or negative values that trigger a buffer overflow.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerability in the Logging Mechanism for Solaris Management Console (SMC) May Lead to Escalation of PrivilegesSun Solaris 8Sun Solaris 9Sun Solaris 10Unspecified vulnerability in the logging mechanism in Solaris Management Console (SMC) on Sun Solaris 8 through 10 before 20070605 allows remote attackers to execute arbitrary code via unspecified vectors, related to the WBEM server.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerability Relating to the acl(2) System Call May Allow Denial of Service (DoS) to the SystemSun Solaris 10Integer signedness error in the acl (facl) system call in Solaris 10 before 20070507 allows local users to cause a denial of service (kernel panic) and possibly gain privileges via a certain argument, related to ACE_SETACL.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerability With RSA Signature Affects Solaris Applications Utilizing the libike LibrarySun Solaris 9Sun Solaris 10The libike library, as used by in.iked, elfsign, and kcfd in Sun Solaris 9 and 10, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents libike from correctly verifying X.509 and other certificates that use PKCS #1, a similar issue to CVE-2006-4339.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDCD Drive DoS VulnerabilitySun Solaris 8Sun Solaris 9Sun Solaris 10Unspecified vulnerability in the hsfs filesystem in Solaris 8, 9, and 10 allows unspecified attackers to cause a denial of service (panic) or execute arbitrary code.Robert L. HollisDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDA Security Vulnerability in the Solaris Kernel May Allow a Denial of Service (DoS) Condition to OccurSun Solaris 8Sun Solaris 9Sun Solaris 10Race condition in the kernel in Sun Solaris 8 through 10 allows local users to cause a denial of service (panic) via unspecified vectors, possibly related to the exitlwps function and SIGKILL and /proc PCAGENT signals.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDpagedata Subsystem Local DoS VulnerabilitySun Solaris 8Sun Solaris 9Sun Solaris 10Unspecified vulnerability in the pagedata subsystem of the process file system (/proc) in Solaris 8 through 10 allows local users to cause a denial of service (system hang or panic) via unknown attack vectors that cause cause the kmem_oversize arena to allocate a large amount of system memory that does not get freed.Robert L. HollisDRAFTINTERIMACCEPTEDNabil OuchnINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDSolaris 10 find on /proc panic DoS VulnerabilitySun Solaris 10Unspecified vulnerability in Sun Solaris 10 allows local users to cause a denial of service (null dereference) via unspecified vectors involving the use of the find command on the "/proc" filesystem. NOTE: due to the vagueness of the vendor advisory, it is not clear whether this is related to CVE-2005-3250.Robert L. HollisDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDKerberos Command Execution Vulnerability rexec DaemonSun Solaris 10XUnspecified vulnerability in in.rexecd in Solaris 10 allows local users to gain privileges on Kerberos systems via unknown attack vectors.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDSMC TRACE HTTP VulnerabilitySun Solaris 8Sun Solaris 9Sun Solaris 10Solaris Management ConsoleThe default configuration of the web server for the Solaris Management Console (SMC) in Solaris 8, 9, and 10 enables the HTTP TRACE method, which could allow remote attackers to obtain sensitive information such as cookies and authentication data from HTTP headers.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerability in IPv6 Implementation (ip6(7p)) Related to the Handling of IPsec Packets may Lead to a System Panic, Resulting in a Denial of Service (DoS)Sun Solaris 10Unspecified vulnerability in Sun Solaris 10 before 20070614, when IPv6 interfaces are present but not configured for IPsec, allows remote attackers to cause a denial of service (system crash) via certain network traffic.Nicholas HansenDRAFTINTERIMACCEPTEDACCEPTEDSolaris Hosts are Vulnerable to a Denial of Service Induced by an Internet Transmission Control Protocol (TCP) "ACK Storm"Sun Solaris 8Sun Solaris 9Sun Solaris 10The TCP implementation in Sun Solaris 8, 9, and 10 before 20060726 allows remote attackers to cause a denial of service (resource exhaustion) via a TCP packet with an incorrect sequence number, which triggers an ACK storm.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDA Security Vulnerability in the Solaris 10 Loopback FileSystem (LOFS) May Allow Files in a Non-global Zone to be Moved or Renamed From a Read-Only FileystemSun Solaris 10The Loopback Filesystem (LOFS) in Sun Solaris 10 allows local users in a non-global zone to move and rename files in a read-only filesystem, which could lead to a denial of service.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerability in the Authentication Mechanism for Solaris Management Console (SMC) May Lead to Escalation of PrivilegesSun Solaris 8Sun Solaris 9Sun Solaris 10Unspecified vulnerability in the authentication mechanism in Solaris Management Console (SMC) on Sun Solaris 8 through 10 before 20070605 allows remote authenticated users to execute arbitrary code via unspecified vectors, related to the WBEM server.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDMultiple vulnerabilities in libfreetype, Xsun(1) and Xorg(1)Sun Solaris 8Sun Solaris 9Sun Solaris 10Integer overflow in the FontFileInitTable function in X.Org libXfont before 20070403 allows remote authenticated users to execute arbitrary code via a long first line in the fonts.dir file, which results in a heap overflow.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDSolaris 8 (x86) is installedSun Solaris 8The operating system installed on the system is Sun Solaris 8 for x86.Jonathan BakerDRAFTINTERIMACCEPTEDACCEPTEDSolaris 8 (SPARC) is installedSun Solaris 8The operating system installed on the system is Sun Solaris 8 for SPARC.Jonathan BakerDRAFTINTERIMACCEPTEDACCEPTEDFormat string vulnerability in Sun Java Web ConsoleSun Solaris 10Format string vulnerability in libwebconsole_services.so in Sun Java Web Console 2.2.2 through 2.2.5 allows remote attackers to cause a denial of service (application crash), obtain sensitive information, and possibly execute arbitrary code via unspecified vectors during a failed login attempt, related to syslog.Pai PengDRAFTINTERIMACCEPTEDPai PengINTERIMACCEPTEDACCEPTEDA Security Vulnerability in Solaris 10 ICMP Handling May Allow a SystemPanic and Result in Denial of Service (DoS)Sun Solaris 10Unspecified vulnerability in Sun Solaris 10 before 20070130 allows remote attackers to cause a denial of service (system crash) via certain ICMP packets.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerability in the sshd(1M) Protocol Version 1 Implementation May Allow a Denial of Service to the HostSun Solaris 9Sun Solaris 10sshd in OpenSSH before 4.4, when using the version 1 SSH protocol, allows remote attackers to cause a denial of service (CPU consumption) via an SSH packet that contains duplicate blocks, which is not properly handled by the CRC compensation attack detector.Yuzheng ZhouDRAFTINTERIMACCEPTEDACCEPTEDDeprecated in favor of oval:org.mitre.oval:def:219.Sun Solaris 10Operating SystemUnspecified vulnerability in the kernel processing in Solaris 10 64 bit platform, when running in 64-bit mode, allows local users to cause a denial of service (system panic) via unknown attack vectors.Robert L. HollisDRAFTINTERIMACCEPTEDMatthew WojcikDEPRECATEDDEPRECATEDSecurity Vulnerability in the Transport Layer Security (TLS) and Secure Sockets Layer 3.0 (SSLv3) Protocols Involving Handshake Renegotiation Affects OpenSSLSun Solaris 10The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.Chandan M CDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vernulbility Relating to scp(1) Command May Allow Attackers to Execute Arbitrary CommandsSun Solaris 9Sun Solaris 10scp in OpenSSH 4.2p1 allows attackers to execute arbitrary commands via filenames that contain shell metacharacters or spaces, which are expanded twice.Yuzheng ZhouDRAFTINTERIMACCEPTEDACCEPTEDSolaris 9 (x86) is installedSun Solaris 9The operating system installed on the system is Sun Solaris 9 for x86.Jonathan BakerDRAFTINTERIMACCEPTEDACCEPTEDSolaris 9 (SPARC) is installedSun Solaris 9The operating system installed on the system is Sun Solaris 9 for SPARC.Jonathan BakerDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerability in Solaris 10 NFS XDR Handling May Allow a Denial of Service to NFS ServersSun Solaris 10Unspecified vulnerability in the NFS server in Sun Solaris 10 before 20070613 allows remote attackers to cause a denial of service (system crash) via certain XDR data in NFS requests, probably related to processing of data by the xdr_bool and xdrmblk_getint32 functions.Nicholas HansenDRAFTINTERIMACCEPTEDACCEPTEDSolaris 10 (x86) is installedSun Solaris 10The operating system installed on the system is Sun Solaris 10 for x86.Jonathan BakerDRAFTINTERIMACCEPTEDACCEPTEDSolaris 10 (SPARC) is installedSun Solaris 10The operating system installed on the system is Sun Solaris 10 for SPARC.Jonathan BakerDRAFTINTERIMACCEPTEDACCEPTEDPerl Format String Integer Overflow VulnerabilitySun Solaris 10PerlInteger overflow in the format string functionality (Perl_sv_vcatpvfn) in Perl 5.9.2 and 5.8.6 Perl allows attackers to overwrite arbitrary memory and possibly execute arbitrary code via format string specifiers with large values, which causes an integer wrap and leads to a buffer overflow, as demonstrated using format string vulnerabilities in Perl applications.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDSolaris Xsun Privilege Escalation via Pixmaps VulnerabilitySun Solaris 8Sun Solaris 9Sun Solaris 10XMultiple integer overflows in XFree86 before 4.3.0 allow user-assisted attackers to execute arbitrary code via a crafted pixmap image.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDlibtiff Directory Entry Count Integer Overflow VulnerabilitySun Solaris 7Sun Solaris 8Sun Solaris 9Sun Solaris 10libtiffInteger overflow in (1) tif_dirread.c and (2) tif_fax3.c for libtiff 3.5.7 and 3.7.0 allows remote attackers to execute arbitrary code via a TIFF file containing a TIFF_ASCII or TIFF_UNDEFINED directory entry with a -1 entry count, which leads to a heap-based buffer overflow.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDlibtiff Malloc Error Denial of ServiceSun Solaris 7Sun Solaris 8Sun Solaris 9Sun Solaris 10libtiffMultiple integer overflows in libtiff 3.6.1 and earlier allow remote attackers to cause a denial of service (crash or memory corruption) via TIFF images that lead to incorrect malloc calls.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDlibtiff tif_dirread divide-by-zero Denial of ServiceSun Solaris 7Sun Solaris 8Sun Solaris 9Sun Solaris 10libtiffVulnerability in tif_dirread.c for libtiff allows remote attackers to cause a denial of service (application crash) via a TIFF image that causes a divide-by-zero error when the number of row bytes is zero, a different vulnerability than CVE-2005-2452.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDlibtiff RLE Decoder Buffer Overflow VulnerabilitiesSun Solaris 7Sun Solaris 8Sun Solaris 9Sun Solaris 10libtiffMultiple vulnerabilities in the RLE (run length encoding) decoders for libtiff 3.6.1 and earlier, related to buffer overflows and integer overflows, allow remote attackers to execute arbitrary code via TIFF files.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDRough translation of the Sun recommended test of: % grep default_realm /etc/krb5/krb5.conf | grep -v ___default_realm___ default_realm = EXAMPLE.COM118908
112785
119059
/usr/openwin/binXprt119060
112786
108652
108653
/usr/openwin/binXsun^.*kssl.*121475
121474
125101
125100
109324
118535
121004
109325
118536
121005
125101
118855
125100
118833
143502
01143503
01/etc/apache2httpd.confPerlResponseHandler.+ModPerl::PerlRunsvc:/network/http:apache2120544
15120543
15119067
119060
112786
119059
119068
112785
143511
01143510
01123373
123372
124970
124245
124969
124244
141501
07141500
06/etc/krb5krb5.conf^[^#_]*default_realm[^=]*=[^_]*$119211
22119212
22119213
21SUNWtls119214
21119209
22143506
01143507
01SUNWPython118191
04118192
04139100
03139099
03125333
08125332
08120739
06120740
06138889
01138888
01120955
119783
14119784
14112837
21114265
20119784
15/etcnamed.conftrusted\-keys119783
15125833
05SUNWessrv139613
01143314
02120095
25120461
16125533
15122470
03119907
15120094
25122212
36122471
03119906
15120460
16122213
36125534
15112234
117172
143913
01127128
11125533
14125534
14120094
28120094
27120095
29120095
27120094
29120095
28109320
109321
113329
114890
120467
120468
^/etc/lp/printers/.*127127
11141445
09127128
11141444
09126364
08svc:/system/labeld:default126363
08141414
141415
125015
125014
120011
141021
141020
120012
svc:/network/ipfilter:default120272
120273
SUNWsmagtsvc:/application/management/sma:default141415
141414
112960
114242
128624
140917
rpc\.nisd128625
140918
svc:/network/rpc/nisplus:defaultsvc:/application/database/postgresql138827
138826
SUNWpostgr-83SUNWpostgr-82123590
136999
136998
123591
SUNWpostgr114014
125732
114015
125731
141008
141009
138896
140837
138897
140838
141014
141015
krb5_prop138371
138372
140922
140921
122301
/etcsystem^[^*].+c2audit122300
139555
139556
119346
SUNWsasl115343
115328
115342
119345
114435
113451
/etc/inet/ikeconfig140196
140414
114344
119435
138889
138888
126133
/etc/sshsshd_config^\s*X11Forwarding\s+no\s*114357
114356
/etc/sshsshd_config^\s*X11Forwarding\s+yes\s*126134
^.*sshd.*140383
140384
113685
140427
113686
140426
116966
138889
116965
114344
138888
119435
112785
119067
119059
119068
119060
112786
139099
128624
139560
116053
113318
128625
autofs139561
138889
138888
114265
/usr/sbin/in.named112837
109327
109326
119784
119783
139459
138863
122213
122212
141414
141415
116479
113031
120831
120830
110904
110903
114016
122911
SUNWtcatr114017
122912
.*Xorg\b.*115158
SUNWxwsvr120095
120094
115299
115159
115298
109077
112837
109078
114265
138876
138877
115168
112908
109806
139479
109805
139478
121775
122212
122213
137112
137111
138882
116669
138574
138632
141414
122300
127722
127721
141415
122301
138876
109077
114265
109078
138877
svc:/network/dhcp-server:default112837
139498
139499
117351
139484
139483
122300
117350
/etcmnttab^[^\t]+\t[^\t]+\tufs\t(.+)122301
136717
114984
114971
114985
138570
136716
141733
141734
120413
SUNWtleu120414
120415
SUNWhleu2120412
SUNWkleuSUNWhkleuSUNWcleu2124420
119812
116106
124421
116105
119813
114344
116966
118822
116965
118844
119435
139390
127127
127128
139391
127111
127112
123402
123403
115553
115554
122301
117350
137111
122300
137112
117351
120011
120012
137112
137111
/etcsystemset\s+snooping\s*=\s*1\s114678
119810
114677
119811
138372
138371
112237
115168
112908
112238
112240
112390
127112
127111
112785
119060
125719
119059
119068
119067
118908
125720
112786
/usr/openwin/binXsun127719
127718
/var/tmpinetd.log127744
120012
120011
127743
127112
127111
108965
112915
138083
108964
114262
138084
113329
109321
127128
114980
109320
127127
139100
114014
125731
125732
114015
118833
118855
125251
125252
127127
127128
137111
137112
122301
127111
116965
119435
127112
116966
114344
121095
121096
137017
137018
109008
109007
122301
122300
117470
116966
116965
118822
118305
118562
121230
121229
118563
113073
118559
113026
122371
113994
126257
124256
116669
112238
SUNWCryr112390
115168
112237
120469
112240
112537
120470
112908
112536
SUNWCry120954
SUNWamsvc118855
127111
118833
127112
126661
126662
126929
126928
113318
117468
127112
122301
117351
117350
127111
122300
119255
119254
SUNWbind119784
119783
122301
117351
117350
125100
125101
122300
120068
120069
118844
109025
118844
117350
117351
118822
109026
122301
122300
127738
127737
117472
109454
109455
117471
113072
114423
108975
118997
108976
120037
126374
112960
120036
126373
114242
119999
119998
114344
119435
119075
119076
/etcsystem^\s*set\s+c2audit.*=\s*1127112
127111
124998
124997
123368
111505
111504
123369
121288
121289
^.*inetd.*115553
115554
125124
125123
109896
113241
125279
125280
109354
109355
113240
119254
119255
127751
114154
117419
116960
113318
117468
116959
124259
124258
127112
127111
109329
122078
123186
114342
113579
109328
123870
SUNWsrspx125713
124922
113986
112963
109147
109148
124923
126449
126448
120095
120094
119213
119214
119813
119812
116106
124421
124420
116105
112785
112786
119067
119059
119068
119060
125794
121132
114717
114669
114716
114670
110671
110670
111845
124830
124457
124831
124458
111844
SUNWkr5ma.*kadmind112669
112668
116341
116340
120720
120719
118966
112785
112786
119067
119059
119060
119068
125101
125100
118372
114435
113451
118371
109764
116047
119596
109765
121995
118813
121316
123703
117350
116960
117125
120884
118558
120662
123704
121317
118559
119439
113278
116959
117351
118822
120661
118844
117350
118558
117351
118559
118822
118844
120329
120330
/etcpam.conf^other.*krb5.*111313
111314
116807
116808
121308
121309
118305
117470
116966
116965
114193
112945
121308
111313
111314
121309
SUNWwbmc125720
112785
119059
112786
124833
119060
119068
119067
121211
121212
/usr/share/webconsoleversion.txt2\.2\.[2345]118833
118855
113273
/etc/sshsshd_config^\s*Protocol\s+123324
/etc/sshsshd_config^\s*Protocol\s+.*1114858
123325
118844
143140
04141525
10145102
01123325
114357
123324
114356
125100
125101
.*nfsd119985
122082
/usr/X11/binXorg108652
112785
119059
108653
112786
119060
.*Xsun\b.*SUNWdtwm118953
118954
109931
109932
114219
SUNWTiffSUNWTiffx114220
119900
119901
02095005truetrue05399382true011009030109030136151017ONLINE27512808620201014\.0,.*4\.0,.*3\.6\.1,.*3\.6\.1,.*11121619171716170303ONLINE090214ONLINE2527ONLINE01655009ONLINEONLINE040610220401ONLINE0542084108071415382613140307060133343701256546114554033409automountd141523060218010204060803152311021621151833190101220102340103020542152101ONLINE16040160\brw\b3403020120080503080732292730282011010801292530055604041505061619341513140663370738090417520506010805110401192011010218040302080410233222113134020226270718192728080213111207020403311211085.713011006012006017\.0,.*7\.0,.*0304020232185001130303054802105.1064^i.*8614074924081106041821201301030402824013502262513260102032915160401093\.2\.3,.*3\.2\.3,.*3\.2\.4,.*3\.2\.4,.*2227424123041104065645020305040303040401011417625126250804060611080603030601030401023014154003193322293322292424020203030202010109100706161712354505095.8036125500224070228151203145.9110312^i.*865.10[Ss][Pp][Aa][Rr][Cc]0102019452088341085.85.95.7sparc^i.*865.100202101011110101