Sun Security Blog
Product: Solaris 9 Operating System, Solaris 10 Operating System. There are several vulnerabilities in the Tomcat JSP/Servlet container which affect Tomcat 4.0 as bundled in Solaris 10 and Solaris 9. These issues may allow a remote or local unprivileged user to cause a denial of service (DoS), inject arbitrary web script or HTML via Cross-Site Scripting (XSS), read arbitrary files and source code from the server, or obtain the installation path and other sensitive information. Additional information regarding these issues is available at: * Apache Tomcat 4.x vulnerabilities: State: Workaround First released: 30-Jun-2008
26 Jun 2008
Sun Alert 201538 Sun Java System Access Manager Does Not Securely Process XSLT Stylesheets contained in XML Signatures
Product: Sun Java System Access Manager 6 2005Q1, Sun Java System Access Manager 7.1, Sun Java System Identity Server 6.1, Sun Java System Identity Server 6.2, Sun Java System Access Manager 7 2005Q4. The Sun Java System Access Manager may not securely process XSLT stylesheets which are contained inside XSLT Transforms in XML Signatures. A remote user who is able to create such an XML Signature, and have it processed by Access Manager, may be able to execute arbitrary code with the privileges of the Access Manager application. Access Manager is run by a web container application, such as the Sun Java System Application Server, and thus the privileges of Access Manager are the same as those of the configured web container application. Sun acknowledges, with thanks, Brad Hill of iSEC Partners for bringing this issue to our attention. State: Resolved First released: 26-Jun-2008
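The class of issue in the alert above is that an XML-DSig verifier will run whatever ds:Transform a Reference asks for, and the XSLT transform carries an entire stylesheet supplied by the signer. The check a relying party can apply, as an added example written for this page (not Sun's or Access Manager's code), is to walk every ds:Reference before verification and refuse any Transform whose Algorithm is not on a short allow-list; the XSLT transform identifier http://www.w3.org/TR/1999/REC-xslt-19991116 is deliberately absent from that list. The allow-list contents and the two sample signatures are constructed assumptions for illustration.

```python
import xml.etree.ElementTree as ET

DSIG_NS = "http://www.w3.org/2000/09/xmldsig#"
XSLT_TRANSFORM = "http://www.w3.org/TR/1999/REC-xslt-19991116"

# Allow-list of Transform algorithms this relying party is willing to apply.
# The exact list is an assumption for this example; what matters is that the
# XSLT transform URI is not on it, so a signature carrying a stylesheet is
# rejected before any verifier code would execute it.
ALLOWED_TRANSFORMS = frozenset({
    "http://www.w3.org/2000/09/xmldsig#enveloped-signature",
    "http://www.w3.org/TR/2001/REC-xml-c14n-20010315",
    "http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments",
    "http://www.w3.org/2001/10/xml-exc-c14n#",
    "http://www.w3.org/2001/10/xml-exc-c14n#WithComments",
})


def _q(local):
    """Clark-notation tag name in the XML-DSig namespace."""
    return "{%s}%s" % (DSIG_NS, local)


def audit_transforms(xml_text):
    """Return [(reference_uri, algorithm), ...] for every ds:Transform found
    under a ds:Reference whose Algorithm is not on ALLOWED_TRANSFORMS.
    An empty list means every transform is one we are prepared to run.
    (Assumption: the stdlib parser is adequate for these constructed samples;
    production code should parse untrusted XML with a hardened parser.)"""
    root = ET.fromstring(xml_text)
    findings = []
    for ref in root.iter(_q("Reference")):
        for transform in ref.iter(_q("Transform")):
            algorithm = transform.get("Algorithm", "")
            if algorithm not in ALLOWED_TRANSFORMS:
                findings.append((ref.get("URI", ""), algorithm))
    return findings


def is_safe_to_verify(xml_text):
    """Gate to call before handing the document to the signature verifier."""
    return not audit_transforms(xml_text)


# Constructed sample: a signature whose Reference asks the verifier to run a
# signer-supplied XSLT stylesheet (the stylesheet body here is harmless).
HOSTILE_SIGNATURE = """<?xml version="1.0"?>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
  <SignedInfo>
    <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
    <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
    <Reference URI="#payload">
      <Transforms>
        <Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116">
          <xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" version="1.0">
            <xsl:template match="/"><xsl:value-of select="'transformed'"/></xsl:template>
          </xsl:stylesheet>
        </Transform>
      </Transforms>
      <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
      <DigestValue>AAAAAAAAAAAAAAAAAAAAAAAAAAA=</DigestValue>
    </Reference>
  </SignedInfo>
  <SignatureValue>AAAA</SignatureValue>
</Signature>
"""

# Constructed sample: the transforms an enveloped signature normally needs.
BENIGN_SIGNATURE = """<?xml version="1.0"?>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
  <SignedInfo>
    <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
    <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
    <Reference URI="#payload">
      <Transforms>
        <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
        <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
      </Transforms>
      <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
      <DigestValue>AAAAAAAAAAAAAAAAAAAAAAAAAAA=</DigestValue>
    </Reference>
  </SignedInfo>
  <SignatureValue>AAAA</SignatureValue>
</Signature>
"""

if __name__ == "__main__":
    for name, doc in (("hostile", HOSTILE_SIGNATURE), ("benign", BENIGN_SIGNATURE)):
        print(name, "->", "reject" if not is_safe_to_verify(doc) else "ok",
              audit_transforms(doc))
```

The gate is an allow-list rather than a block-list on purpose: any transform the verifier has not been reviewed for (XPath filters with extension functions, future algorithms) is refused by default, and the finding names the Reference so an operator can see which part of the document carried it.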
26 Jun 2008
Sun Alert 237985 A Security Vulnerability in the Solaris snmpXdmid(1M) may lead to a Denial of Service (DoS) condition
Product: Solaris 8 Operating System, Solaris 9 Operating System, Solaris 10 Operating System State: Resolved First released: 26-Jun-2008
25 Jun 2008
Sun Alert 239286 Multiple Security Vulnerabilities in the Adobe Reader may lead to Execution of Arbitrary Code
Product: Solaris 10 Operating System State: Workaround First released: 25-Jun-2008
23 Jun 2008
Sun Alert 103139 Multiple Security Vulnerabilities in the JavaScript Engine in Mozilla 1.7 for Solaris 8, 9 and 10
Product: Mozilla v1.7, Solaris 8 Operating System, Solaris 9 Operating System, Solaris 10 Operating System. The JavaScript Engine in the Mozilla 1.7 application (see mozilla(1)) contains multiple memory corruption vulnerabilities. A remote user who can create a web page that a local user visits with the Mozilla browser, or who sends a specially crafted email that a local user reads with Mozilla, may be able to crash the Mozilla application or execute arbitrary code with the privileges of the user running Mozilla. The ability of a remote user to crash the Mozilla application is a type of Denial of Service (DoS). The following Mozilla advisory describes 15 separate memory corruption issues: This Sun Alert corresponds to the 10 JavaScript engine issues described in the Mozilla advisory under CVE-2006-5748. Note that of these 10 vulnerabilities, Mozilla 1.7 is only affected by the following six issues:
Additional references:
State: Workaround First released: 08-Nov-2007
18 Jun 2008
Sun Alert 239006 Multiple Security Vulnerabilities in the FreeType2 library for Printer Font Binary (PFB) or TrueType Font (TTF) format font files may lead to a Denial of Service (DoS) or allow Execution of Arbitrary Code
Product: Solaris 8 Operating System Solaris 9 Operating System Solaris 10 Operating System OpenSolaris State: Workaround First released: 18-Jun-2008
13 Jun 2008
Sun Alert 238250 Denial of Service (DoS) Vulnerability in the Solaris e1000g(7D) Gigabit Ethernet Driver
Product: Solaris 10 Operating System, OpenSolaris State: Resolved First released: 13-Jun-2008
13 Jun 2008
Sun Alert 238493 Security Vulnerability in inet_network() Library Routine May Allow Denial of Service (DoS) to Applications
Product: Solaris 8 Operating System, Solaris 9 Operating System, Solaris 10 Operating System, OpenSolaris. A security vulnerability in the inet_network() library routine, defined in libsocket(3LIB), libresolv(3LIB), and the SunOS 4.x binary compatibility libraries libc.so.1.9 and libc.so.2.9 in Solaris, may affect applications which make use of this routine. Depending on the application, this may allow a local or remote unprivileged user to crash an application that calls inet_network() (a type of Denial of Service). This issue is also referenced in the following document: CVE-2008-0122 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0122 State: Resolved First released: 04-Jun-2008
12 Jun 2008
Sun Alert 237965 A Security Vulnerability in IP Multicast Filter processing of Sockets may lead to a system panic or possible execution of Arbitrary Code
Product: Solaris 10 Operating System, OpenSolaris State: Resolved First released: 12-Jun-2008
12 Jun 2008
Sun Alert 238686 Multiple security vulnerabilities in the Solaris X Server Extensions may lead to a Denial of Service (DoS) condition or allow Execution of Arbitrary Code
Product: Solaris 8 Operating System, Solaris 9 Operating System, Solaris 10 Operating System, OpenSolaris State: Workaround First released: 12-Jun-2008
Product: Solaris 10 Operating System, OpenSolaris State: Workaround First released: 12-Jun-2008
11 Jun 2008
Sun Alert 235122 Vulnerability in the Solaris 10 Event Port Implementation May Lead to a System Panic, Resulting in a Denial of Service (DoS)
Product: Solaris 10 Operating System. A security vulnerability in the Solaris 10 event port implementation may lead to a system panic when an application program submits and retrieves user-defined events from a port. This may allow a local unprivileged user to cause a system panic, resulting in a Denial of Service (DoS) condition on the affected host. State: Resolved First released: 11-Jun-2008