Sun Security Blog
|
19 Nov 2009
Sun Alert 273029 Security Vulnerability in the Transport Layer Security (TLS) and Secure Sockets Layer 3.0 (SSLv3) Protocols Involving Handshake Renegotiation Affects OpenSSL
Product: Solaris 10, OpenSolaris A security vulnerability in the Transport Layer Security (TLS) and Secure Sockets Layer 3.0 (SSLv3) protocols in the handling of session renegotiations affects OpenSSL (see openssl(5)). This issue may allow a remote unauthenticated user with the ability to intercept and control network traffic to perform man-in-the-middle (MITM) attack to inject arbitrary plaintext at the beginning of the application protocol stream, thus compromising the integrity of the communication. This vulnerability does not allow one to decrypt the intercepted network communication. The exact nature of the impact of compromised data integrity depends on the application making use of the OpenSSL libraries. Sun acknowledges with thanks, Marsh Ray and Steve Dispensa of PhoneFactor for bringing this issue to our attention. This issue is also referenced in the following documents: CVE-2009-3555 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555 US-CERT VU#120541 at http://www.kb.cert.org/vuls/id/120541 State: Workaround First released: 19-Nov-2009
Permalink
|
Comments [0]
17 Nov 2009
Sun Alert 271069 Two Security Vulnerabilities in SAMBA(7) May Allow Unauthorized Access to the Remote Root Filesystem or May Lead to a Denial of Service (DoS) Condition
Product: Samba 3.0.36, Solaris 9, Solaris 10 operating System, OpenSolaris Two security vulnerabilities in SAMBA(7) may result in one or both of the following issues: 1. A remote unprivileged user with a valid SAMBA account may gain unauthorized access to the remote root file system. This issue is referenced in the following CVE document:
State: Workaround First released: 17-Nov-2009
Permalink
|
Comments [0]
13 Nov 2009
Sun Alert 271149 Security Vulnerability in VirtualBox Guest Additions May Lead to Denial of Service against the Virtual Machine
Product: Sun xVM VirtualBox 1.6, Sun xVM VirtualBox 2.0, Sun xVM VirtualBox 2.1, Sun xVM VirtualBox 2.2, Sun VirtualBox 3.0 A security vulnerability in the optional Sun VirtualBox Guest Additions may allow local unprivileged State: Resolved First released: 13-Nov-2009
Permalink
|
Comments [1]
11 Nov 2009
Sun Alert 263388 Security Vulnerabilities in Solaris IP(7P) Module and STREAMS Framework May Lead to a Denial of Service (DoS) Condition
Product: Solaris 8, Solaris 9, Solaris 10, OpenSolaris Security vulnerabilities in the Solaris IP(7P) module and STREAMS Framework may allow an unprivileged local user to leak kernel memory, eventually causing the system to hang. This is a type of Denial of Service (DoS). State: Resolved First released: 30-Sep-2009
Permalink
|
10 Nov 2009
Sun Alert 272489 Security Vulnerability in the OSCAR Protocol Plugin for pidgin(1) may Lead to a Denial of Service (DoS) Condition
Product: Solaris 10, OpenSolaris A security vulnerability in the the OSCAR protocol plugin library, the shared library that adds support for various instant messaging networks to the pidgin(1) Instant Messaging client (previously known as Gaim), may allow remote unprivileged users to cause a Denial of Service (DoS) through an application crash via crafted contact-list data for (1) ICQ and possibly (2) AIM. This issue is also referenced in the following document: CVE-2009-3615 at: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3615 State: Workaround First released: 10-Nov-2009
Permalink
|
10 Nov 2009
Sun Alert 271169 Multiple Security Vulnerabilities in the Common Unix Printing System (CUPS) Web Interface in OpenSolaris May Lead to Cross-Site Scripting (XSS) and HTTP Response Splitting Attacks
Product: OpenSolaris The web interface of the Common Unix Printing System (CUPS) in versions 1.4.1 and earlier is impacted by multiple security vulnerabilities which may lead to Cross-Site Scripting (XSS) and HTTP Response Splitting Attacks. These vulnerabilities could allow an unprivileged local or remote user (depending on the CUPS configuration), to inject malicious client-side scripts or HTML into the CUPS web interface page. These issues are also described in the following document: CVE-2009-2820 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2820 State: Workaround First released: 10-Nov-2009
Permalink
|
10 Nov 2009
Sun Alert 269788 Security Vulnerability in Solaris libpng(3) May Allow a Remote User to Disclose Potentially Sensitive Information from Applications Linked to libpng(3)
Product: Solaris 8, Solaris 9, Solaris 10, OpenSolaris Multiple security vulnerabilities in libpng(3), which is shipped with Solaris, may allow a local or remote unprivileged user to disclose potentially sensitive information associated with applications linked to libpng(3), when a user has loaded a specially crafted Portable Network Graphics (PNG) format image file (.png) supplied by an untrusted user. These issues are also described in the following document: CVE-2009-2042 at: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2042 State: Workaround First released: 14-Oct-2009
Permalink
|
10 Nov 2009
Sun Alert 266488 Security Vulnerability in Solaris TCP sockets May Allow Unprivileged Users to Cause a Denial of Service (DoS) Condition
Product: OpenSolaris A security vulnerability in Solaris TCP sockets may allow local unprivileged users to leak kernel memory, thereby causing a Denial of Service (DoS) condition. State: Resolved First released: 10-Nov-2009
Permalink
|
A security vulnerability in the TLS protocol (TLS 1.0 or later and SSLv3) may allow an unauthenticated, remote attacker to conduct man-in-the-middle (MITM) type of attacks where chosen plain text may be injected as a prefix in an user's TLS session. This vulnerability does not allow one to decrypt the intercepted network communication. This issue is referenced in CVE-2009-3555 Exact nature of the impact depends on the application making use of the TLS facility. Applications which use Network Security Services (NSS), Java Secure Socket Extensions (JSSE), OpenSSL or GnuTLS libraries may be affected. Sun is evaluating the impact of the issue on various products which make use of the TLS libraries. We are working to fix the TLS implementations according to the TLS protocol standard extensions currently being developed. Solaris Kernel SSL proxy module KSSL does not support client renegotiation or rehandshake. It ignores the rehandshake message which is an allowed behavior by the SSL/TLS specification. Hence it is not vulnerable to this issue. KSSL (see ksslcfg(1M)) is available in Solaris 10 and OpenSolaris. It may be used to workaround the described issue. tags: gnutls jsse nss openssl security tls vulnerability Permalink |
05 Nov 2009
Sun Alert 272230 Security Vulnerabilities in the Apache 2 "mod_perl2" Module Components "PerlRun.pm" and "Status.pm" May Lead to Denial of Service (DoS) or Unauthorized Access to Data
Product: Solaris 10, OpenSolaris Two security vulnerabilities exist in the Apache 2 mod_perl2(3) module CVE-2007-1349 at: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1349CVE-2009-0796 at: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0796State: Preliminary First released: 05-Nov-2009
Permalink
|
Product: Solaris 8, Solaris 9, Solaris 10 A remote unprivileged user may be able to crash an application which dynamically links to the Portable Network Graphics library (libpng(3)) due to a security vulnerability in libpng(3). The ability to crash an application is a type of Denial of Service (DoS). A number of applications which comprise the GNOME desktop environment dynamically link with libpng(3). This issue is described in the following documents:
State: Workaround First released: 28-Jun-2007
Permalink
|
04 Nov 2009
Sun Alert 266388 Security Vulnerability in Solaris SCTP (Stream Control Transmission Protocol (see sctp(7P)) and SDP (Sockets Direct Protocol driver (see sdp(7D)) sockets May Allow Unprivileged Users to Cause a Denial of Service (DoS) Condition
Product: OpenSolaris A security vulnerability in SCTP (Stream Control Transmission Protocol (see sctp(7P))) and SDP (Sockets Direct Protocol driver (see sdp(7D))) sockets may allow local unprivileged users to leak kernel memory, thereby causing a Denial of Service (DoS) condition. State: Resolved First released: 04-Nov-2009
Permalink
|
03 Nov 2009
Sun Alert 269868 The Java Update Mechanism on Non-English Versions Does Not Update the JRE When a New Version is Available
Product: Java Platform, Standard Edition (Java SE) The Java Runtime Environment (JRE) Java Update mechanism running on non-English versions of the Windows operating system does not update the JRE when a new version is available. Sun acknowledges with thanks, Tomasz "Tometzky" Ostrowski for bringing this issue to our attention. State: Resolved First released: 03-Nov-2009
Permalink
|
03 Nov 2009
Sun Alert 270476 Two Security Vulnerabilities in the Java Runtime Environment With Decoding DER Encoded Data and Parsing HTTP Headers may Result in a Denial of Service (DoS)
Product: Java Platform, Standard Edition (Java SE) Two vulnerabilities in the Java Runtime Environment with decoding DER encoded data and parsing HTTP headers may separately allow a remote client to cause the JRE on the server to run out of memory, resulting in a DoS (Denial of Service) condition. Sun acknowledges with thanks, BFK edv-consulting GmbH, for bringing the first issue to our attention. State: Resolved First released: 03-Nov-2009
Permalink
|
03 Nov 2009
Sun Alert 270475 A Security Vulnerability in the Java Runtime Environment With Verifying HMAC Digests may Allow Authentication to be Bypassed
Product: Java Platform, Standard Edition (Java SE) A security vulnerability in the Java Runtime Environment with verifying HMAC digests may allow authentication to be bypassed. This could allow a user to forge a digital signature that would be accepted as valid. Applications that validate HMAC-based digital signatures may be vulnerable to this type of attack. Note: This vulnerability cannot be exploited by an untrusted applet or Java Web Start application. Sun acknowledges, with thanks, Coda Hale for bringing this issue to our attention. State: Resolved First released: 03-Nov-2009
Permalink
|
|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||