Permalink | Comments [0]

Sun Java System Portal Server Secure Remote Access can be configured to be not vulnerable to CVE-2009-2631. Secure Remote Access Gateway offers client-less SSL VPN functionality. It rewrites the URLs only for explicitly configured domains and subdomains. Hence it is not vulnerable to attacks launched from the Internet. Access to domains or hosts within the intranet can be further controlled by Allow/Deny access list to restrict access to only trusted internal sites.

Please refer to Sun Java System Portal Server Secure Remote Access Administration Guide to see examples of configuring the access control in Portal Server Gateway.

Permalink | Comments [0]

A race condition security vulnerability in Solaris IP(7p) Kernel Module may allow a local or remote unprivileged user to panic the system, resulting in a Denial of Service (DoS).

Permalink | Comments [0]

A security vulnerability in the optional Sun VirtualBox Guest Additions may allow local unprivileged
users to exhaust the kernel memory of the guest operating system, leading to a Denial of Service
against the guest operating system running in a virtual machine.

Since the Guest Additions are installed in the guest operating system only, this vulnerability is limited
to local users of the guest operating system running in a virtual machine where the Guest Additions
have been installed. The host operating system is not affected.

Sun would like to acknowledge with thanks, Thomas Biege of SUSE Linux for bringing this issue to our attention.

This issue is also referenced in the following document:

Permalink | Comments [1]

A security vulnerability in the ZFS file system in OpenSolaris and Solaris 10 systems with patches 137137-09 (SPARC) or 137138-09 (x86) installed may allow a local unprivileged user with the 'file_chown_self' privilege to take ownership of files belonging to another user.

Permalink | Comments [0]

A security vulnerability in the VBoxNetAdpCtl configuration tool for certain Sun VirtualBox 3.0 packages may allow local unprivileged users who are authorized to run VirtualBox to execute arbitrary commands with root privileges.

Sun would like to acknowledge with thanks, Thomas Biege of SUSE Linux for bringing this issue to our attention.

This issue is also referenced in the following document:

Permalink | Comments [0]

Two vulnerabilities in the Java Runtime Environment with decoding DER encoded data and parsing HTTP headers may separately allow a remote client to cause the JRE on the server to run out of memory, resulting in a DoS (Denial of Service) condition.

Sun acknowledges with thanks, BFK edv-consulting GmbH, for bringing the first issue to our attention.

Permalink |

A security vulnerability in the Java Runtime Environment with verifying HMAC digests may allow authentication to be bypassed. This could allow a user to forge a digital signature that would be accepted as valid. Applications that validate HMAC-based digital signatures may be vulnerable to this type of attack.

Note: This vulnerability cannot be exploited by an untrusted applet or Java Web Start application.

Sun acknowledges, with thanks, Coda Hale for bringing this issue to our attention.

Permalink |

Multiple buffer and integer overflow vulnerabilities in the Java Runtime Environment with processing audio and image files may allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet.

Sun acknowledges with thanks, the following researchers for bringing these issues to our attention:

CR 6854303: An anonymous researcher, working with the Zero Day Initiative (http://www.zerodayinitiative.com) and TippingPoint (http://www.tippingpoint.com).

CR 6862970: An anonymous researcher working with the iDefense VCP (http://labs.idefense.com/vcp/).

CR 6872357 and CR 6872358: Peter Vreugdenhil, working with the Zero Day Initiative (http://www.zerodayinitiative.com) and TippingPoint (http://www.tippingpoint.com).

CR 6872358, CR 6862969 and CR 6862968: regenrecht working with iDefense VCP (http://labs.idefense.com/vcp/).

CR 6874643: regenrecht working with Zero Day Initiative (http://www.zerodayinitiative.com) and TippingPoint (http://www.tippingpoint.com).

Permalink |

A security vulnerability in the Transport Layer Security (TLS) and Secure Sockets Layer 3.0 (SSLv3) protocols in the handling of session renegotiations affects OpenSSL (see openssl(5)). This issue may allow a remote unauthenticated user with the ability to intercept and control network traffic to perform man-in-the-middle (MITM) attack to inject arbitrary plaintext at the beginning of the application protocol stream, thus compromising the integrity of the communication. This vulnerability does not allow one to decrypt the intercepted network communication.

The exact nature of the impact of compromised data integrity depends on the application making use of the OpenSSL libraries.

Sun acknowledges with thanks, Marsh Ray and Steve Dispensa of PhoneFactor for bringing this issue to our attention.

This issue is also referenced in the following documents:

Permalink | Comments [1]

Multiple buffer and integer overflow vulnerabilities in Python (see python(1)) may allow a local or remote unprivileged user to execute arbitrary code with the privileges of the Python application or crash a Python application resulting in a Denial of Service (DoS).

These issues are also referenced in the following documents:

Permalink |

A security vulnerability in the Java Web Start Installer may be leveraged to allow an untrusted Java Web Start application to run as a trusted application and execute arbitrary code. This may occur when a user opens a specially crafted web page that exploits this vulnerability.

Sun acknowledges with thanks, Peter Csepely, working with the Zero Day Initiative (http://www.zerodayinitiative.com/) and TippingPoint (http://www.tippingpoint.com/) for bringing this issue to our attention.

Permalink |

A security vulnerability in Solaris Sockets Direct Protocol (SDP) driver (sdp(7D)) may allow a local or remote unprivileged user to exhaust all kernel memory.  This is a type of Denial of Service (DoS).

Note: No applications bundled with Solaris are affected by this issue however third-party applications which make use of SDP may be affected.
Permalink |

Prentice Hall has published the book Solaris 10 Security Essentials which describes the various security technologies contained in the Solaris operating system. This is now available at Amazon.com or Safari

"Solaris™ 10 Security Essentials describes the various security technologies contained in the Solaris operating system. The book describes how to make installations secure and how to configure the OS to the particular needs of your environment, whether your systems are on the edge of the Internet or running a data center. The authors present the material in a straightforward way that makes a seemingly arcane subject accessible to system administrators at all levels.

"The strengths of the Solaris operating system’s security model are its scalability and its adaptability. It can protect a single user with login authentication or multiple users with Internet and intranet configurations requiring user-rights management, authentication, encryption, IP security, key management, and more. This book is written for users who need to secure their laptops, network administrators who must secure an entire company, and everyone in between."

Authors include Glenn Brunette, Hai-May Chao, Martin Englund, Glenn Faden, Mark Fenwick, Valerie Anne Fenwick, Wyllys Ingersoll, Wolfgang Ley, Darren Moffat, Pravas Kumar Panda, Jan Pechanec, Mark Phalan, Darren Reed, Scott Rotondo, Christoph Schuba, Sharon Read Veach, Joep Vesseur, and Paul Wernau.

Solaris 10 Security Essentials; Sun Microsystems Security Engineers; Prentice Hall PTR; November 23, 2009; ISBN 978-0137012336

tags: book security solaris

Permalink |

A heap-based buffer overflow vulnerability in the MSN protocol handler of libpurple(3), the shared library that adds support for various instant messaging networks to the pidgin(1) Instant Messaging client (previously known as Gaim), may allow remote unprivileged users to execute arbitrary code or cause a Denial of Service (DoS) through an application crash.

Additional information on this issue can be found in the following document:

    CVE-2009-2694 at:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2694
Permalink |