Sun Security Blog
Product: Solaris 9 Operating System, Solaris 10 Operating System
There are several vulnerabilities in the Tomcat JSP/Servlet container which affect Tomcat 4.0 bundled in Solaris 10 and Solaris 9. These issues may allow a remote or local unprivileged user to cause a denial of service (DoS), inject arbitrary web script or HTML via Cross-Site Scripting (XSS) attempts, read arbitrary files and source code from the server, or obtain the installation path and other sensitive information. Additional information regarding these issues is available at:
* Apache Tomcat 4.x vulnerabilities:
State: Resolved
First released: 30-Jun-2008
Product: Solaris 8 Operating System, Solaris 9 Operating System, Solaris 10 Operating System, OpenSolaris
A security vulnerability with system calls in the Solaris Kernel may allow two unprivileged local user processes to establish a covert communication channel bypassing system restrictions such as the multi-level security policy found in Solaris Trusted Extensions or the isolation policy implemented using zones(5) or chroot(2).
State: Resolved
First released: 27-Aug-2008
27 Aug 2008
Sun Alert 239186 A Security Vulnerability in Solaris 10 involving the sendfilev() system call could result in Denial of Service (DoS) due to System Panic
Product: Solaris 10 Operating System, OpenSolaris
A security vulnerability in Solaris 10 related to the sendfilev() system call may allow a user who has the ability to create pages that are hosted on a Solaris 10 system using Apache 2.2.x to create a carefully crafted web page which could cause a system panic resulting in a Denial of Service (DoS) condition.
State: Resolved
First released: 06-Aug-2008
27 Aug 2008
Sun Alert 241066 A Security Vulnerability in the Solaris NFS Kernel Module May Lead to a System Panic, Resulting in a Denial of Service (DoS)
Product: Solaris 10 Operating System, OpenSolaris
A security vulnerability in the Solaris NFS kernel module on Solaris 10 systems with kernel patches 120011-14 (SPARC) and 120012-14 (x86) may allow a local unprivileged user to cause an NFS server to panic, resulting in a Denial of Service (DoS).
State: Resolved
First released: 22-Aug-2008
25 Aug 2008
Sun Alert 240866 Security Vulnerability in Solaris 10 NFS Remote Procedure Calls (RPCs) May Allow a Denial of Service (DoS) or Data Integrity Issues for Non-Global Zones
Product: Solaris 10 Operating System, OpenSolaris
A security vulnerability in the NFS Remote Procedure Calls (RPC) zones implementation may allow a local user with administrative privileges in a non-global zone to intercept and corrupt NFS traffic destined for other non-global zones on the system. This may result in a Denial of Service (DoS) to the NFS services in the affected non-global zones.
State: Resolved
First released: 25-Aug-2008
Product: Solaris 10 Operating System
A security vulnerability in the NFSv4 client kernel module may allow a local unprivileged user who cooperates with a remote privileged user on an NFSv4 server to be able to cause all NFSv4 mounts on client systems which have an NFSv4 mount of the above NFSv4 server to become unresponsive. This is a type of Denial of Service (DoS).
State: Resolved
First released: 18-Aug-2008
15 Aug 2008
Sun Alert 239308 Cross Site Scripting (XSS) Vulnerability in Sun Java System Portal Server's Portlets may Lead to Execution of Arbitrary Code
Product: Sun Java System Portal Server 7.0, Sun Java System Portal Server 7.1
A Cross Site Scripting (XSS) security vulnerability exists in some of the Portlets bundled with Sun Java System Portal Server that may allow remote users to execute arbitrary JavaScript code in a user's web browser.
State: Resolved
First released: 15-Aug-2008
15 Aug 2008
Sun Alert 240708 Multiple Security Vulnerabilities in rdesktop may lead to Execution of Arbitrary Code or Denial of Service (DOS)
Product: OpenSolaris
Multiple security vulnerabilities in the Remote Desktop Protocol (RDP) Client (rdesktop.1) may allow remote unprivileged users to execute arbitrary code with the permissions of the local user or lead to a Denial of Service (DoS) if rdesktop is used to connect to an untrusted RDP server.
* http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=696
* http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=697
* http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=698
* CVE-2008-1801 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1801
* CVE-2008-1802 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1802
* CVE-2008-1803 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1803
State: Preliminary
First released: 15-Aug-2008
13 Aug 2008
Sun Alert 240327 A Security Vulnerability in the ftp Subsystem of Sun Java System Web Proxy Server 4.0 May Lead to a Denial of Service (DoS)
Product: Sun Java System Web Proxy Server 4.0
A Security vulnerability in the FTP subsystem of Sun Java System Web Proxy Server 4.0 may allow a local or remote unprivileged user to prevent the proxy server from accepting new connections, resulting in a Denial of Service (DoS) to the proxy server.
State: Resolved
First released: 12-Aug-2008
13 Aug 2008
Sun Alert 101393 TCP Port Conflict Between Sun Cluster for OPS/RAC and Solaris Secure Shell Server, and Possible Denial of Service Attack by Unprivileged Users Upon Sun Cluster
11 Aug 2008
Sun Alert 238686 Multiple Security Vulnerabilities in the Solaris X Server Extensions may lead to a Denial of Service (DoS) condition or allow Execution of Arbitrary Code
Product: Solaris 8 Operating System, Solaris 9 Operating System, Solaris 10 Operating System, OpenSolaris
Multiple integer, heap and buffer overflow security vulnerabilities exist in the Render, RECORD, Security, and MIT-SHM Extensions to the Solaris X11 display server (Xorg(1) and Xsun(1)) and the Solaris X11 print server (Xprt(1)). These vulnerabilities may allow a local or remote unprivileged user who is authorized (via xhost(1) or xauth(1)) to connect to the X server and execute arbitrary code with root privileges, access arbitrary memory within the X server's address space, or crash the X11 display server process. The ability to crash the X11 display server is a type of Denial of Service (DoS).
* CVE-2008-2360 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2360
* CVE-2008-2361 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2361
* CVE-2008-2362 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2362
* CVE-2008-1379 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1379
* CVE-2008-1377 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1377
State: Workaround
First released: 12-Jun-2008