Product: Solaris 9 Operating System Solaris 10 Operating System
There are several vulnerabilities in the Tomcat JSP/Servlet container
which affect Tomcat 4.0 bundled in Solaris 10 and Solaris 9.

These issues may allow a remote or local unprivileged user to cause
a denial of service (DoS), inject arbitrary web script or HTML via
Cross-Site Scripting (XSS) attempts, read arbitrary files and
source code from the server, or obtain the installation path and
other sensitive information.

Additional information regarding these issues is available at:

������ * Apache Tomcat 4.x vulnerabilities:
http://tomcat.apache.org/security-4.html

������ * CVE-2002-1148 at:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1148

������ * CVE-2002-1394 at:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1394

������ * CVE-2002-2006 at:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2006

������ * CVE-2003-0866 at:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0866

������ * CVE-2005-2090 at:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2090

������ * CVE-2005-3164 at:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3164

������ * CVE-2005-3510 at:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3510

������ * CVE-2006-3835 at:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3835

������ * CVE-2007-0450 at:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0450

������ * CVE-2007-1355 at:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1355

������ * CVE-2007-1358 at:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1358

������ * CVE-2007-2450 at:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2450

������ * CVE-2007-5461 at:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5461

State: Workaround
First released: 30-Jun-2008
Permalink | Comments [0]

Product:
State: Workaround
First released: 30-Jun-2008
Permalink | Comments [0]

Product: Sun Java System Access Manager 6 2005Q1 Sun Java System Access Manager 7.1 Sun Java System Identity Server 6.1 Sun Java System Identity Server 6.2 Sun Java System Access Manager 7 2005Q4

The Sun Java System Access Manager may not securely process XSLT stylesheets which are contained inside XSLT Transforms in XML Signatures.

A remote user who is able to create such an XML Signature which is viewed locally with Access Manager may be able to execute arbitrary code with the privileges of the Access Manager application. Access Manager is run by a web container application, such as the Sun Java System Application Server, and thus the privileges of Access Manager are the same as the configured web container application.

Sun acknowledges with thanks, Brad Hill of iSEC Partners for bringing this issue to our attention.


State: Resolved
First released: 26-Jun-2008
Permalink | Comments [0]

Product: Solaris 8 Operating System, Solaris 9 Operating System, Solaris 10 Operating System
State: Resolved
First released: 26-Jun-2008
Permalink | Comments [0]

Product: Solaris 10 Operating System
State: Workaround
First released: 25-Jun-2008
Permalink | Comments [0]

Product:
State: Workaround
First released: 23-Jun-2008
Permalink | Comments [0]

Product: Mozilla v1.7 Solaris 9 Operating System Solaris 10 Operating System Solaris 8 Operating System

The JavaScript Engine in the Mozilla 1.7 application (see mozilla(1)) contains multiple memory corruption vulnerabilities which may allow a remote user who is able to create a web page which is visited by a local user using the Mozilla browser, or who sends a specially crafted email that is read by a local user using Mozilla, to either cause the Mozilla application to crash or execute arbitrary code with the privileges of the user running Mozilla. The ability of a remote user to cause the Mozilla application to crash is a type of Denial of Service (DoS).

The following Mozilla advisory describes 15 separate memory corruption issues:

This Sun Alert corresponds to the 10 JavaScript engine issues described in the Mozilla advisory under CVE-2006-5748.

Note that of these 10 vulnerabilities, Mozilla 1.7 is only affected by the following six issues:

Additional references:

State: Workaround
First released: 08-Nov-2007
Permalink | Comments [0]

Product: Solaris 8 Operating System Solaris 9 Operating System Solaris 10 Operating System OpenSolaris
State: Workaround
First released: 18-Jun-2008
Permalink | Comments [0]

Product:
State: Workaround
First released: 16-Jun-2008
Permalink | Comments [0]

Product: Solaris 10 Operating System, OpenSolaris
State: Resolved
First released: 13-Jun-2008
Permalink | Comments [0]

Product: Solaris 8 Operating System, Solaris 9 Operating System, Solaris 10 Operating System, OpenSolaris


An off-by-one buffer overflow in the inet_network() library function,
defined in the libsocket(3LIB), libresolv(3LIB), and the SunOS 4.x binary
compatibility libraries libc.so.1.9 and libc.so.2.9 in Solaris, may affect
applications which make use of this routine. Depending on the
application, this may allow a local or remote unprivileged user to crash
the application using the inet_network() routine (which is a type of
Denial of Service).This issue is also referenced in the following document:

CVE-2008-0122 at

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0122
State: Resolved
First released: 04-Jun-2008
Permalink | Comments [0]

Product: Solaris 10 Operating System, OpenSolaris
State: Resolved
First released: 12-Jun-2008
Permalink | Comments [0]

Product: Solaris 8 Operating System, Solaris 9 Operating System, Solaris 10 Operating System, OpenSolaris
State: Workaround
First released: 12-Jun-2008
Permalink | Comments [0]

Product: Solaris 10 Operating System, OpenSolaris
State: Workaround
First released: 12-Jun-2008
Permalink | Comments [0]

Product: Solaris 10 Operating System

A security vulnerability in the Solaris 10 event port implementation may lead to a system panic when executing an application program that submits and retreives user-defined events from a port.�� This may allow a local unprivileged user to cause a system panic resulting in Denial of Service (DoS) condition in the affected host.

State: Resolved
First released: 11-Jun-2008
Permalink | Comments [0]