Security

Main | Next page »

20 May 2008 Sun UK End to End Data Security briefing
posted by Darren J Moffat in General

Sun UK is running a morning briefing on End to End to Security. The event is on Thursday 5th June in the London Customer Briefing Center (for LOSUG people this is the same place we meet). Details and registration information can be found here. Dave Walker and I are among the speakers.

-- Darren

tags: briefing security uk

Permalink | Comments [0]

19 May 2008 Sun Alert 238004 SUN ALERT WEEKLY SUMMARY REPORT - Week of 11-May-2008 to 17-May-2008
posted by Sun Security Coordination Team in Alerts

Product:

State: Workaround

First released: 19-May-2008

Sun Alert Link: http://sunsolve.sun.com/search/document.do?assetkey=1-66-238004-1

Permalink | Comments [0]

16 May 2008 Sun not impacted by OpenSSL random number generator weakness vulnerability (CVE-2008-0166)
posted by Sun Security Coordination Team in Alerts

Sun is not affected by the OpenSSL random number generator weakness vulnerability described in CVE-2008-0166 and CERT Vulnerability Note VU#925211. The versions of OpenSSL bundled with Solaris 10, Nevada, and OpenSolaris are not impacted by this issue. Permalink | Comments [0]

13 May 2008 Sun Alert 237724 SUN ALERT WEEKLY SUMMARY REPORT - Week of 04-May-2008 to 10-May-2008
posted by Sun Security Coordination Team in Alerts

Product:

State: Workaround

First released: 13-May-2008

Sun Alert Link: http://sunsolve.sun.com/search/document.do?assetkey=1-66-237724-1

Permalink | Comments [0]

12 May 2008 Sun Alert 236884 Security Vulnerabilities in Solaris Print Service May Lead to Denial of Service (DoS) or Execution of Arbitrary Code
posted by Sun Security Coordination Team in Alerts

Product: Solaris 8 Operating System, Solaris 9 Operating System, Solaris 10 Operating System

Security vulnerabilities in the Solaris print service may allow a remote unprivileged user the ability to run arbitrary code as root or�� cause�� a Denial of Service (DoS) condition.

State: Resolved

First released: 09-May-2008

Sun Alert Link: http://sunsolve.sun.com/search/document.do?assetkey=1-66-236884-1

Permalink | Comments [0]

08 May 2008 Sun Alert 231467 Cross-Site Scripting Vulnerability in Sun Java System Web Server Search Module
posted by Sun Security Coordination Team in Alerts

Product: Sun Java System Web Server 7.0 Update 2, Sun Java System Web Server 6.1 Service Pack 9

A cross-site scripting (XSS) vulnerability in the Sun Java System Web Server search module may allow a local or remote unprivileged user the ability to execute arbitrary scripts on the system hosting the web server.

State: Resolved

First released: 06-May-2008

Sun Alert Link: http://sunsolve.sun.com/search/document.do?assetkey=1-66-231467-1

Permalink | Comments [0]

06 May 2008 Sun Alert 201255 JSP Source Code Disclosure Vulnerability Affects Sun Java System Application Server and Web Server
posted by Sun Security Coordination Team in Alerts

Product: Sun Java System Application Server Standard Edition 7 2004Q2, Sun Java System Web Server 7.0, Sun Java System Web Server 6.1, Sun Java System Application Server Enterprise Edition 7 2004Q2

A vulnerability in Sun Java System Application Server and Sun Java System Web Server may allow unauthorized users to view the JSP source code.

State: Resolved

First released: 06-May-2008

Sun Alert Link: http://sunsolve.sun.com/search/document.do?assetkey=1-66-201255-1

Permalink | Comments [0]

06 May 2008 Sun Alert 237465 Security Vulnerabilities in the Tcl GUI Toolkit Library may lead to arbitrary code execution or Denial of Service (DoS)
posted by Sun Security Coordination Team in Alerts

Product: Solaris 9 Operating System, Solaris 10 Operating System

Multiple security vulnerabilities in the Tcl GUI Toolkit (libtk(3LIB)) may allow a remote unprivileged user who provides a specially crafted GIF image to cause a denial of service (DoS) to applications using the libtk library to process images or execute arbitrary code with the privileges of the user running such applications.

Additional information regarding these issues is available at:

CVE-2008-0553 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0553

CVE-2007-5378 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5378

State: Resolved

First released: 06-May-2008

Sun Alert Link: http://sunsolve.sun.com/search/document.do?assetkey=1-66-237465-1

Permalink | Comments [0]

06 May 2008 Sun Alert 236944 A Security Vulnerability in Sun Ray Kiosk Mode 4.0 May Allow Escalation of Privileges
posted by Sun Security Coordination Team in Alerts

Product: Sun Ray Server Software 4.0

A security vulnerability in the Sun Ray Kiosk Mode software included with Sun Ray Server Software (SRSS) 4.0 may allow a local or remote user with Sun Ray administration privileges to execute arbitrary commands with root privileges.

State: Resolved

First released: 06-May-2008

Sun Alert Link: http://sunsolve.sun.com/search/document.do?assetkey=1-66-236944-1

Permalink | Comments [0]

06 May 2008 Sun Alert 200864 Security Vulnerability in the TCP Implementation of Solaris Systems May Allow a Denial of Service When Accepting New Connections While Undergoing a TCP "SYN Flood" Attack
posted by Sun Security Coordination Team in Alerts

Product: Solaris 8 Operating System, Solaris 9 Operating System, Solaris 10 Operating System

A security vulnerability in the TCP implementation of Solaris 8, 9 and 10 may allow a remote unprivileged user to cause a Solaris system which is undergoing a "TCP SYN" flood condition to be slow to accept new network connections.�� Such network connections may time out without establishing a connection.�� This would lead to a Denial of Service (DoS) to the network services provided by that system. In addition, a uniprocessor system may also experience overall slowdown due to high CPU usage, resulting in a Denial of Service to the system as a whole.

State: Resolved

First released: 06-May-2008

Sun Alert Link: http://sunsolve.sun.com/search/document.do?assetkey=1-66-200864-1

Permalink | Comments [0]

05 May 2008 Sun Alert 237504 SUN ALERT WEEKLY SUMMARY REPORT - Week of 27-Apr-2008 to 03-May-2008
posted by Sun Security Coordination Team in Alerts

Product:

State: Workaround

First released: 05-May-2008

Sun Alert Link: http://sunsolve.sun.com/search/document.do?assetkey=1-66-237504-1

Permalink | Comments [0]

05 May 2008 Sun Alert 237444 Security Vulnerability in Solaris SSH May Allow Unauthorized Access to X11 Sessions
posted by Sun Security Coordination Team in Alerts

Product: Solaris 9 Operating System, Solaris 10 Operating System

A security vulnerability related to X11 forwarding within the SSH product shipped with Solaris may allow a local unprivileged user to gain unauthorized access to another user's X11 session. This may allow execution of code with the privileges of that user or may result in the disclosure of sensitive data related to the user's session.

This issue is also referenced in the following document:

CVE-2008-1483 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1483

State: Workaround

First released: 05-May-2008

Sun Alert Link: http://sunsolve.sun.com/search/document.do?assetkey=1-66-237444-1

Permalink | Comments [0]

05 May 2008 Sun Alert 233623 Cross Site Scripting (XSS) Vulnerabilities in the Apache 1.3 and 2.0 "mod_imap" and "mod_status" Modules
posted by Sun Security Coordination Team in Alerts

Product: Solaris 8 Operating System, Solaris 9 Operating System, Solaris 10 Operating System

Two security vulnerabilities have been found in the Apache HTTP server which affect the Apache 2.0 web server bundled with Solaris 10 and the Apache 1.3 web server bundled with Solaris 8, Solaris 9 and Solaris 10.

The first issue, a Cross Site Scripting (CSS or XSS) vulnerability in the "mod_imap" Apache server module (CVE-2007-5000), may allow a local or remote unprivileged user to inject arbitrary web script or HTML. This may allow the unprivileged user to bypass access control and gain access to unauthorized data.

The second issue, a Cross Site Scripting (CSS or XSS) vulnerability in the "mod_status" Apache server module (CVE-2007-6388), may allow a local or remote unprivileged user to inject arbitrary web script or HTML. This may allow the unprivileged user to bypass access control and gain access to unauthorized data.

Additional information regarding these issues is available at:

The Change Log for Apache 2.0 at http://www.apache.org/dist/httpd/CHANGES_2.0
The Change Log for Apache 1.3 at http://www.apache.org/dist/httpd/CHANGES_1.3
CVE-2007-5000 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5000
CVE-2007-6388 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6388

State: Resolved

First released: 28-Feb-2008

Sun Alert Link: http://sunsolve.sun.com/search/document.do?assetkey=1-66-233623-1

Permalink | Comments [0]

02 May 2008 Sun Alert 236321 A Security Vulnerability in Solaris 10 Involving the SCTP Protocol May Result in a Panic and Denial of Service (DoS)
posted by Sun Security Coordination Team in Alerts

Product: Solaris 10 Operating System

A security vulnerability in Solaris 10 related to the SCTP protocol may allow a local or remote unprivileged user to cause a system panic resulting in a Denial of Service (DoS) condition. (See also sctp(7P)).

State: Resolved

First released: 02-May-2008

Sun Alert Link: http://sunsolve.sun.com/search/document.do?assetkey=1-66-236321-1

Permalink | Comments [0]

02 May 2008 Sun Alert 236521 A Security Vulnerability in Solaris 10 Involving the SCTP Protocol May Result in a Denial of Network Services Due to Network Flooding
posted by Sun Security Coordination Team in Alerts

Product: Solaris 10 Operating System

A security vulnerability in Solaris 10 related to the SCTP protocol (see sctp(7P)) may allow a local or remote unprivileged user to cause significant performance degradation or hang the system or network devices, resulting in a Denial of Service (DoS) condition.

State: Resolved

First released: 02-May-2008

Sun Alert Link: http://sunsolve.sun.com/search/document.do?assetkey=1-66-236521-1

Permalink | Comments [0]