Buffer overflow in the AddSuLog function of the CDE dtaction utility allows local users to gain root privileges via a long user name.

The BSD profil system call allows a local user to modify the internal data space of a program via profiling and execve.

sdtcm_convert in Solaris 2.6 allows a local user to overwrite sensitive files via a symlink attack.

Buffer overflow in CDE Calendar Manager Service Daemon (rpc.cmsd).

The Red Hat Linux su program does not log failed password guesses if the su process is killed before it times out, which allows local attackers to conduct brute force password guessing.

In Sun Solaris and SunOS, man and catman contain vulnerabilities that allow overwriting arbitrary files.

Solaris ff.core allows local users to modify files.

The passwd command in Solaris can be subjected to a denial of service.

Vacation program allows command execution by remote users through a sendmail command.

Buffer overflow in Sun's ping program can give root access to local users.

SunOS/Solaris FTP clients can be forced to execute arbitrary commands from a malicious FTP server.

Multiple buffer overflows in how dtmail handles attachments allows a remote attacker to execute commands.

Buffer overflow in the libauth library in Solaris allows local users to gain additional privileges, possibly root access.

Power management (Powermanagement) on Solaris 2.4 through 2.6 does not start the xlock process until after the sys-suspend has completed, which allows an attacker with physical access to input characters to the last active application from the keyboard for a short period after the system is restoring, which could lead to increased privileges.

libnsl in Solaris allowed an attacker to perform a denial of service of rpcbind.

NIS finger allows an attacker to conduct a denial of service via a large number of finger requests, resulting in a large number of NIS queries.

Sun's ftpd daemon can be subjected to a denial of service.

Buffer overflow in NIS+, in Sun's rpc.nisd program.

Buffer overflow in BNU UUCP daemon (uucpd) through long hostnames.

Buffer overflows in Sun libnsl allow root access.