Monthly Archive: February 2005

A race condition in the at command for Solaris 2.6 through 9 allows local users to delete arbitrary files via the -r argument with .. (dot dot) sequences in the job name, then modifying...

Memory leak in lofiadm in Solaris 8 allows local users to cause a denial of service (kernel memory consumption). Date published : 2005-02-08 http://www.securityfocus.com/bid/7454 http://secunia.com/advisories/8686/

rpc.walld (wall daemon) for Solaris 2.6 through 9 allows local users to send messages to logged on users that appear to come from arbitrary user IDs by closing stderr before executing wall, then supplying...

Unknown vulnerability in rpcbind for Solaris 2.6 through 9 allows remote attackers to cause a denial of service (rpcbind crash). Date published : 2005-02-08 http://www.securityfocus.com/bid/7455 http://secunia.com/advisories/8685/

The Telnet daemon (in.telnetd) for Solaris 2.6 through 9 allows remote attackers to cause a denial of service (CPU consumption by infinite loop). Date published : 2005-02-08 http://www.securityfocus.com/bid/7794 http://secunia.com/advisories/8935/

Buffer overflow in utmp_update for Solaris 2.6 through 9 allows local users to gain root privileges, as identified by Sun BugID 4659277, a different vulnerability than CVE-2003-1082. Date published : 2005-02-08 http://www.securityfocus.com/bid/7835 http://www.ciac.org/ciac/bulletins/n-105.shtml

Multiple buffer overflows in the (1) dbm_open function, as used in ndbm and dbm, and the (2) dbminit function in Solaris 2.6 through 9 allow local users to gain root privileges via long arguments...

Buffer overflow in the syslog daemon for Solaris 2.6 through 9 allows remote attackers to cause a denial of service (syslogd crash) and possibly execute arbitrary code via long syslog UDP packets. Date published...

Unknown vulnerability in patches 108993-14 through 108993-19 and 108994-14 through 108994-19 for Solaris 8 may allow local users to cause a denial of service (automountd crash). Date published : 2005-02-08 http://www.securityfocus.com/bid/8253 http://sunsolve.sun.com/search/document.do?assetkey=1-26-55340-1

Solaris 8 with IPv6 enabled allows remote attackers to cause a denial of service (kernel panic) via a crafted IPv6 packet. Date published : 2005-02-08 http://www.securityfocus.com/bid/8250 http://www.kb.cert.org/vuls/id/370060

The patches (1) 105693-13, (2) 108800-02, (3) 105694-13, and (4) 108801-02 for cachefs on Solaris 2.6 and 7 overwrite the inetd.conf file, which may silently reenable services and allow remote attackers to bypass the...

Unknown vulnerability in the sysinfo system call for Solaris for SPARC 2.6 through 9, and Solaris for x86 2.6, 7, and 8, allows local users to read kernel memory. Date published : 2005-02-08 http://www.securityfocus.com/bid/8831...

Race condition in Solaris 2.6 through 9 allows local users to cause a denial of service (kernel panic), as demonstrated via the namefs function, pipe, and certain STREAMS routines. Date published : 2005-02-08 http://www.securityfocus.com/bid/8836...

The NFS Server for Solaris 7, 8, and 9 allows remote attackers to cause a denial of service (UFS panic) via certain invalid UFS requests, which triggers a null dereference. Date published : 2005-02-08...