A security vulnerability in the Transport Layer Security (TLS) and Secure Sockets Layer 3.0 (SSLv3) protocols in the handling of session renegotiations affects OpenSSL (see openssl(5)). This issue may allow a remote unauthenticated user with the ability to intercept and control network traffic to perform man-in-the-middle (MITM) attack to inject arbitrary plaintext at the beginning of the application protocol stream, thus compromising the integrity of the communication. This vulnerability does not allow one to decrypt the intercepted network communication.

The exact nature of the impact of compromised data integrity depends on the application making use of the OpenSSL libraries.

Sun acknowledges with thanks, Marsh Ray and Steve Dispensa of PhoneFactor for bringing this issue to our attention.

This issue is also referenced in the following documents:

Permalink | Comments [0]

Two security vulnerabilities in SAMBA(7) may result in one or both of the following issues:

1. A remote unprivileged user with a valid SAMBA account may gain unauthorized access to the remote root file system. This issue is referenced in the following CVE document:

2. A remote unprivileged user on an authenticated SAMBA connection may cause a Denial of Service (DoS) condition via specially crafted SMB requests. This issue is referenced in the following CVE document:

Permalink | Comments [0]

A security vulnerability in the optional Sun VirtualBox Guest Additions may allow local unprivileged
users to exhaust the kernel memory of the guest operating system, leading to a Denial of Service
against the guest operating system running in a virtual machine.

Since the Guest Additions are installed in the guest operating system only, this vulnerability is limited
to local users of the guest operating system running in a virtual machine where the Guest Additions
have been installed. The host operating system is not affected.

Sun would like to acknowledge with thanks, Thomas Biege of SUSE Linux for bringing this issue to our attention.

Permalink | Comments [1]

Security vulnerabilities in the Solaris IP(7P) module and STREAMS Framework may allow an unprivileged local user to leak kernel memory, eventually causing the system to hang. This is a type of Denial of Service (DoS).

Permalink |

A  security vulnerability in the the OSCAR protocol plugin library, the shared library that adds support for various instant messaging networks to the pidgin(1) Instant Messaging client (previously known as Gaim), may allow remote unprivileged users to cause a Denial of Service (DoS) through an application crash via crafted contact-list data for (1) ICQ and possibly (2) AIM.

This issue is also referenced in the following document:

CVE-2009-3615 at: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3615

Permalink |

The web interface of the Common Unix Printing System (CUPS) in versions 1.4.1 and earlier is impacted by multiple security vulnerabilities which may lead to Cross-Site Scripting (XSS) and HTTP Response Splitting Attacks. These vulnerabilities could allow an unprivileged local or remote user (depending on the CUPS configuration), to inject malicious client-side scripts or HTML into the CUPS web interface page.

These issues are also described in the following document:

Permalink |

Multiple security vulnerabilities in libpng(3), which is shipped with Solaris, may allow a local or remote unprivileged user to disclose potentially sensitive information associated with applications linked to libpng(3), when a user has loaded a specially crafted Portable Network Graphics (PNG) format image file (.png) supplied by an untrusted user.

These issues are also described in the following document:

    CVE-2009-2042 at: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2042

Permalink |

A security vulnerability in Solaris TCP sockets may allow local unprivileged users to leak kernel memory, thereby causing a Denial of Service (DoS) condition.
Permalink |

A security vulnerability in the TLS protocol (TLS 1.0 or later and SSLv3) may allow an unauthenticated, remote attacker to conduct man-in-the-middle (MITM) type of attacks where chosen plain text may be injected as a prefix in an user's TLS session. This vulnerability does not allow one to decrypt the intercepted network communication.

This issue is referenced in CVE-2009-3555

Exact nature of the impact depends on the application making use of the TLS facility. Applications which use Network Security Services (NSS), Java Secure Socket Extensions (JSSE), OpenSSL or GnuTLS libraries may be affected.

Sun is evaluating the impact of the issue on various products which make use of the TLS libraries. We are working to fix the TLS implementations according to the TLS protocol standard extensions currently being developed.

Solaris Kernel SSL proxy module KSSL does not support client renegotiation or rehandshake. It ignores the rehandshake message which is an allowed behavior by the SSL/TLS specification. Hence it is not vulnerable to this issue. KSSL (see ksslcfg(1M)) is available in Solaris 10 and OpenSolaris. It may be used to workaround the described issue.

tags: gnutls jsse nss openssl security tls vulnerability

Permalink |

Two security vulnerabilities exist in the Apache 2 mod_perl2(3) module
components which affect the Apache 2.0 web server bundled with Solaris
10 and the Apache 2.2 web server bundled with OpenSolaris.

The first issue, a Denial of Service (DoS) vulnerability in the "RunPerl.pm"
component (CVE-2007-1349), may allow a remote unprivileged user to
cause a Denial of Service to the Apache 2 "httpd" process.

The second issue, a Cross Site Scripting (CSS or XSS) vulnerability in the
"Status.pm" component (CVE-2009-0796), may allow a remote unprivileged
user to inject arbitrary web script or HTML. This may allow the unprivileged
user to bypass access control and gain access to unauthorized data.

Additional information regarding these issues is available at:

CVE-2007-1349 at:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1349

CVE-2009-0796 at:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0796




Permalink |

A remote unprivileged user may be able to crash an application which dynamically links to the Portable Network Graphics library (libpng(3)) due to a security vulnerability in libpng(3). The ability to crash an application is a type of Denial of Service (DoS). A number of applications which comprise the GNOME desktop environment dynamically link with libpng(3).

This issue is described in the following documents:

• CERT VU# 684664 at: https://www.kb.cert.org/vuls/id/684664
• CVE-2007-2445 at: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2445

Permalink |

A security vulnerability in SCTP (Stream Control Transmission Protocol (see sctp(7P))) and SDP (Sockets Direct Protocol driver (see sdp(7D))) sockets may allow local unprivileged users to leak kernel memory, thereby causing a Denial of Service (DoS) condition.
Permalink |

The Java Runtime Environment (JRE) Java Update mechanism running on non-English versions of the Windows operating system does not update the JRE when a new version is available.

Sun acknowledges with thanks, Tomasz "Tometzky" Ostrowski for bringing this issue to our attention.

Permalink |

Two vulnerabilities in the Java Runtime Environment with decoding DER encoded data and parsing HTTP headers may separately allow a remote client to cause the JRE on the server to run out of memory, resulting in a DoS (Denial of Service) condition.

Sun acknowledges with thanks, BFK edv-consulting GmbH, for bringing the first issue to our attention.

Permalink |

A security vulnerability in the Java Runtime Environment with verifying HMAC digests may allow authentication to be bypassed. This could allow a user to forge a digital signature that would be accepted as valid. Applications that validate HMAC-based digital signatures may be vulnerable to this type of attack.

Note: This vulnerability cannot be exploited by an untrusted applet or Java Web Start application.

Sun acknowledges, with thanks, Coda Hale for bringing this issue to our attention.

Permalink |