
RE: Cluster 03: VEN-SUN



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



- -----Original Message-----
From: Steven M. Christey [mailto:coley@linus.mitre.org]
Sent: Thursday, June 17, 1999 2:07 PM
To: cve-review@linus.mitre.org
Subject: Cluster 03: VEN-SUN



This cluster has 18 vulnerabilities.

- ------------------------------------------
Candidate: CAN-1999-0054
Proposer: 001
Assigned: 19990617
Announced: 19990617
Category: SF
Reference: SUN:00171

Sun's ftpd daemon is subject to a denial of service

Accept
- ------------------------------------------
Candidate: CAN-1999-0055
Proposer: 001
Assigned: 19990617
Announced: 19990617
Category: SF
Reference: SUN:00172
Reference: RSI:RSI.0005.05-14-98.SUN.LIBNSL
Reference: XF:sun-libnsl

Buffer overflows in Sun libnsl allow root access.

Modify:

This vulnerability also affects other OSes, i.e. AIX 4.3, that have
ported versions of Sun's libnsl.a.

ref:  IBM AIX RS6000 APAR number IX80543 

 

- ------------------------------------------
Candidate: CAN-1999-0056
Proposer: 001
Assigned: 19990617
Announced: 19990617
Category: SF
Reference: SUN:00174
Reference: XF:sun-ping

Buffer overflow in Sun's ping program can give root access to local
users.

Accept
- ------------------------------------------
Candidate: CAN-1999-0065
Proposer: 001
Assigned: 19990617
Announced: 19990617
Category: SF
Reference: SUN:00181
Reference: XF:hp-dtmail

Bug in how dtmail handles attachments allows remote attacker to
execute commands with the same privileges as the user who is
reading the message.

Modify:

This is a multiple buffer overflow vulnerability in Sun's CDE in how
dtmail handles attachments.

- ------------------------------------------
Candidate: CAN-1999-0069
Proposer: 001
Assigned: 19990617
Announced: 19990617
Category: SF
Reference: SUN:00169

Solaris ufsrestore buffer overflow.

Accept

- ------------------------------------------
Candidate: CAN-1999-0121
Proposer: 001
Assigned: 19990617
Announced: 19990617
Category: SF
Reference: SUN:00164
Reference: ERS:ERS-SVA-E01-1997:005.1

Buffer overflow in dtaction command gives root access.

Modify:  Buffer overflow also affects /usr/dt/bin/dtaction in
libDtSvc.a library in AIX 4.x, but reference for this Sun
vulnerability should only reflect the Sun Bulletin or the CIAC I-032
version of the Sun Bulletin.

- ------------------------------------------
Candidate: CAN-1999-0185
Proposer: 001
Assigned: 19990617
Announced: 19990617
Category: SF
Reference: SUN:00156

In Solaris, a remote user could connect from an FTP server's
data port to an rlogin server on a host that trusts the FTP server,
allowing remote command execution.


Accept
- ------------------------------------------
Candidate: CAN-1999-0188
Proposer: 001
Assigned: 19990617
Announced: 19990617
Category: SF
Reference: SUN:00182
Reference: XF:sun-passwd-dos

The passwd command in Solaris could be subjected to a denial of
service.

Accept

- ------------------------------------------
Candidate: CAN-1999-0190
Proposer: 001
Assigned: 19990617
Announced: 19990617
Category: SF
Reference: SUN:00167

Solaris rpcbind can be exploited to overwrite arbitrary files and gain
root access.

Modify:  The way rpcbind handles indirect calls is vulnerable in this
advisory.  As there are lots of rpcbind problems, maybe should be more
specific?

- ------------------------------------------
Candidate: CAN-1999-0212
Proposer: 001
Assigned: 19990617
Announced: 19990617
Category: SF
Reference: SUN:00168

rpc.mountd in Linux and Solaris would generate error messages that
allowed an attacker to determine what files were on the server.

- ------------------------------------------
Candidate: CAN-1999-0263
Proposer: 001
Assigned: 19990617
Announced: 19990617
Category: SF
Reference: SUN:00173
Reference: XF:sun-sunwadmap

Solaris SUNWadmap can be exploited to obtain root access.

- ------------------------------------------
Candidate: CAN-1999-0296
Proposer: 001
Assigned: 19990617
Announced: 19990617
Category: SF
Reference: SUN:00162
Reference: XF:sun-volrmmount

Solaris volrmmount program allows attackers to read any file.

- ------------------------------------------
Candidate: CAN-1999-0300
Proposer: 001
Assigned: 19990617
Announced: 19990617
Category: SF
Reference: SUN:00155
Reference: XF:sun-niscache

nis_cachemgr for Solaris NIS+ allows attackers to add malicious
NIS+ servers.

- ------------------------------------------
Candidate: CAN-1999-0301
Proposer: 001
Assigned: 19990617
Announced: 19990617
Category: SF
Reference: SUN:00149
Reference: AUSCERT:AUSCERT-97.17
Reference: XF:sun-ps2bo

Buffer overflow in SunOS/Solaris ps command.

- ------------------------------------------
Candidate: CAN-1999-0302
Proposer: 001
Assigned: 19990617
Announced: 19990617
Category: SF
Reference: SUN:00176
Reference: XF:sun-ftp-server

SunOS/Solaris FTP clients can be forced to execute arbitrary commands
from a malicious FTP server.

- ------------------------------------------
Candidate: CAN-1999-0320
Proposer: 001
Assigned: 19990617
Announced: 19990617
Category: SF
Reference: SUN:00166

SunOS rpc.cmsd allows attackers to obtain root access by overwriting
arbitrary files.

- ------------------------------------------
Candidate: CAN-1999-0369
Proposer: 001
Assigned: 19990617
Announced: 19990617
Category: SF
Reference: SUN:00183

The Sun sdtcm_convert calendar utility for OpenWindows has a buffer
overflow which can gain root access.

- ------------------------------------------
Candidate: CAN-1999-0370
Proposer: 001
Assigned: 19990617
Announced: 19990617
Category: SF
Reference: SUN:00184

In Sun Solaris and SunOS, man and catman contain vulnerabilities
that allow overwriting arbitrary files.



-----BEGIN PGP SIGNATURE-----
Version: PGP 6.0.2

iQA/AwUBN3fZNxIUaHPadf5hEQK/ygCg0Y3N5lagoc5zg8QqRORnwozhnYUAnRPd
3B10K/pTpI54pSoC9jtDefyZ
=0G65
-----END PGP SIGNATURE-----

Page Last Updated or Reviewed: May 22, 2007